CyberArk PAM

🌍 Remote, USA 🎯 Full-time 🕐 Posted Recently

Job Description

Description

This role is responsible for hands-on execution of a high-risk access reduction initiative focused on Active Directory privileged access across server and workstation environments. The consultant will analyze, remediate, and reduce standing administrative access by untangling nested AD group structures, validating access with application and infrastructure teams, and enabling transition to CyberArk Just-In-Time (JIT) access models.

Analyze and flatten complex, nested Active Directory group structures (server and workstation admin groups)
Identify and document effective access across multi-level group nesting
Partner with application and infrastructure teams to validate required vs. excessive access
Drive removal of unnecessary privileged access and track measurable reductions
Execute cleanup of local administrator rights across servers and workstations
Produce before/after reporting on privileged access reduction (group size, membership, exposure)
Support onboarding of eligible teams to CyberArk JIT / ephemeral access models
Create clear documentation of group ownership, purpose, and access justification
Work through backlog of remediation tasks and drive closure

Strong hands-on experience with Active Directory, including:
Nested group analysis
Admin group structures (domain, server, workstation)
Access inheritance and effective permissions
Proven experience performing AD or privileged access cleanup/remediation at scale
PowerShell scripting experience (required)
Ability to extract, analyze, and report on AD group membership
Experience working in multi-domain / multi-forest environments
Familiarity with Windows server and workstation administration models
Experience with PAM concepts and tools (CyberArk preferred)
Ability to manage and track work across a backlog of remediation tasks
Strong communication skills to engage with technical teams and validate access requirements