TC-CS-IAM-CyberArk EPM-Senior

CyberArk EPM Implementation & Operations

• Lead end-to-end implementation of CyberArk Endpoint Privilege Manager, including architecture design, agent deployment, policy configuration, and enterprise integrations.
• Design and implement conditional, policy-based elevation workflows and granular application control to enable secure productivity.
• Enable and optimize EPM’s credential theft protection and isolation controls to prevent lateral movement across endpoint environments.
• Implement and manage CyberArk PAM and EPM controls, including privileged account onboarding, least privilege policies, credential theft protection, application control, and elevation workflows across enterprise endpoints.
• Configure and support Loosely Connected Devices (LCD) to ensure EPM policies, privilege elevation rules, and security protections remain enforced for endpoints operating offline or with intermittent connectivity.
• Configure and validate ransomware protection frameworks leveraging EPM's multi-layer defense.
• Maintain ongoing policy tuning, rollout automation, and operational hygiene across Windows, macOS, and Linux endpoints.

Migration from BoKS to CyberArk EPM (Optional but good to have as the current scope does require this)

• Conduct detailed analysis of existing BoKS configurations, including access rules, sudo delegation, host/domain structures, authentication flow, and privilege models.
• Redesign BoKS policies into CyberArk EPM’s least privilege and application-based policy framework.
• Lead agent transition planning, coexistence strategy, compatibility assessments, and phased cutover execution.
• Ensure policy equivalence while modernizing privilege controls to meet EY’s global Zero Trust and identity security requirements.

Manage remediation, documentation, and risk assessments associated with the migration.