Cybersecurity-PAM-Delinea-Senior Associate

A career in our Cybersecurity, Privacy and Forensics will provide you the opportunity to solve our clients most critical business and data protection related challenges. You will be part of a growing team driving strategic programs, data analytics, innovation, deals, cyber resilency, response, and technical implementation activities. You will have access to not only the top Cybersecurity, Privacy and Forensics professionals at PwC, but at our clients and industry analysts across the globe. Our Identity and Access Management team focuses on helping our clients design, implement and operate effective access controls that protect against threats, support business objectives, and enable growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organizations, partners and customers. Youll play an integral role in helping our clients ensure they are protected by using the latest strategies and tools in effectively managing access to all this data. Our team helps organizations manage access to critical assets by focusing on areas like Access Management (AM), Identity Governance & Administration (IGA), Privileged Access Management (PAM), Entitlement Management and Directories. In joining, youll be a part of a team that values technical and business acumen and provides training and development to extend and develop your skills while, fostering a strong collaborative culture. Youll have the opportunity to focus on Access Management (AM), Identity Governance & Administration (IGA), Privileged Access Management (PAM), Entitlement Management and Directories, among other skills.

To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be an authentic and inclusive leader, at all grades/levels and in all lines of service. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.

Responsibilities

As an Associate, youll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:

• Invite and provide evidence-based feedback in a timely and constructive manner.
• Share and collaborate effectively with others.
• Work with existing processes/systems whilst making constructive suggestions for improvements.
• Validate data and analysis for accuracy and relevance.
• Follow risk management and compliance procedures.
• Keep up-to-date with technical developments for business area.
• Communicate confidently in a clear, concise and articulate manner - verbally and in written form.
• Seek opportunities to learn about other cultures and other parts of the business across the Network of PwC firms.
• Uphold the firms code of ethics and business conduct
  
  

• 4+ years of hands-on implementation experience with CyberArk PAM or Delinea (Thycotic) Secret Server and Privilege Manager, including installation, configuration, and migration.
• Proven work in designing policies, certifications/attestations, workflows, and custom connectors/integrations for PAM.
• Proficiency deploying and configuring:
• CyberArk: Vault, PVWA, CPM, PSM, PTA, platforms, connection components, plugins.
  
  

• Delinea: Secret Server (on-prem/cloud), Connection Manager, Distributed Engines/Scanners, Session launchers, Password management connectors, Privilege Manager (endpoint elevation policies and application control).
• Strong knowledge of account/service discovery, auto-onboarding, password/SSH key rotation, and task scheduling across both platforms.
• Experience managing access to Windows, Unix/Linux, web portals, and RDP/Citrix published applications.
• Automation and scripting with at least one: Python, PowerShell, or Shell; solid use of REST APIs and SDKs. AutoIT or equivalent for connector customization is a plus.
• Ability to create custom scanners and custom reporting in Delinea.
• Understanding of DevOps concepts: provisioning from scratch, service setup, and CI/CD integrations for secrets management and credential injection.
• Familiarity with HA/DR architecture, certificates/TLS/PKI, load balancers, and enterprise hardening standards.
• Strong documentation, stakeholder management, and Agile delivery skills (backlog management, sprint ceremonies, UAT facilitation).
  
  

• CyberArk Sentry (Mandatory)
• CyberArk Certified Delivery Engineer – Privilege Access Manager (CDE-PAM) (On-Prem)
• CyberArk Certified Delivery Engineer – Privilege Cloud (CDE-CPC)
  
  

• Certified Engineer – Secret Server
• Certified Engineer – Privilege Manager
  
  

• Document, and prioritize PAM requirements across business, infrastructure, cloud, and application teams; create process maps, user stories, use cases, and acceptance criteria.
• Design and oversee implementation of CyberArk PAS (Vault, PVWA, CPM, PSM, PTA) and Delinea platforms (Secret Server, Privilege Manager, Connection Manager, Distributed Engines) on-prem and/or cloud.
• Define and implement user policies, certification campaigns, and privileged account provisioning and de-provisioning workflows (joiner/mover/leaver, access request/approval, recertification).
• Manage onboarding of target systems and applications into CyberArk and Delinea, including Windows, Unix/Linux, databases, web portals, RDP/Citrix published apps, network devices, and cloud services (AWS/Azure/GCP).
• Configure and optimize discovery tools for accounts, services, SSH keys, and tasks (CyberArk discovery services; Delinea Discovery Scanner), including auto-detection and auto-onboarding.
• Implement application-to-application credential delivery:
• CyberArk AAM/CCP and PAS Web Services for secrets injection.
• Delinea AAPM/Secret Server SDK and REST for credential brokering.
• Define and implement vaulting, rotation, and heartbeat policies for human and non-human identities; enable SSH key and password rotation, check-out/check-in, dual control, and break-glass.
• Configure secure session management and recording (CyberArk PSM; Delinea Session Recording/Connection Manager) with JIT/JEA, approval workflows, and real-time monitoring.
• Customize platforms, connectors, and plugins:
• CyberArk CPM/PSM connectors, platform templates, and connection components.
• Delinea custom password changes, connection/process elevational rules in Privilege Manager.
• Drive automation via REST APIs/SDKs (CyberArk PAS/AIM, Delinea Secret Server/Privilege Manager) for onboarding, rotation, access workflows, and reporting.
• Provide architecture input for access control, entitlements, application credentials, and user access policy management; ensure high availability, disaster recovery, backup/restore, and regular DR testing.
• Integrate PAM with enterprise services: AD/LDAP, SSO/MFA (SAML/OIDC/RADIUS), SIEM/SOAR, ITSM (e.g., ServiceNow), IGA (e.g., SailPoint/Saviynt), and DevOps toolchains (Jenkins, GitLab, Azure DevOps) for secrets in CI/CD.
• Establish PAM standards, patterns, and best practices; serve as SME for CyberArk and Delinea, advising on roadmap, platform upgrades, health, and capacity.
• Define KPIs and produce operational and compliance reports (rotation success, onboarding throughput, session usage, policy exceptions); support audits (SOX, PCI, ISO 27001) and evidence collection.
• Lead change management: stakeholder alignment, communication, training, UAT, runbooks, and handover to operations.