Security Engineer Iii (Cyberark) in London

Condé Nast is a global media company producing the highest quality content with a footprint of more than 1 billion consumers in 32 territories through print, digital, video and social platforms. The company's portfolio includes many of the world's most respected and influential media properties including Vogue, Vanity Fair, Glamour, Self, GQ, The New Yorker, Condé Nast Traveler/Traveller, Allure, AD, Bon Appétit and Wired, among others.

Condé Nast thrives on collaboration, and our teams come together in the office four days a week (Monday‐Thursday). We value diversity of background, views and cultures. We celebrate people for their personal qualities, skills and contributions, recognising the power our brands have to influence and shape culture. Condé Nast is an equal‐opportunity employer.

Role: Condé Nast is looking for a Security Engineer to join our global Cyber Security team. This is a high‐visibility role designed for a technical lead who can bridge the gap between complex project delivery and long‐term security engineering excellence.

The successful candidate would have worked predominantly in the Identity and Access Management (IAM) space, specialising as an SME in the area of Privilege Access Management (PAM). As such you will have extensive knowledge of PAM solutions across multi‐cloud and hybrid‐on‐premises environments, additionally you will have experience with identity lifecycle management as a whole and federated authentication protocols such as SAML, OIDC, and OAuth 2.0.

As our SME within the PAM space, your journey will begin working on our global Privileged Access Management (PAM) project, where you will be responsible for the end‐to‐end implementation and delivery of our Privileged Access Management solution into the organisation. By the time of deployment you will have proven experience delivering end‐to‐end PAM solutions, including multiple CyberArk Privileged Cloud implementations for medium to large organisations, and have worked in a professional services or consultancy capacity previously.

Following the successful deployment of the PAM platform, you will maintain end‐to‐end technical ownership as the platform's SME. This role reports to the Senior Security Architecture Manager, but works closely with the Security Architect to ensure our PAM and IAM solutions are deployed effectively throughout the organisation.

Responsibilities:

• Act as the primary SME and technical owner for CyberArk Privilege Cloud throughout the project lifecycle; spearheading design, implementation and onboarding phases, orchestrating transition to Business‐As‐Usual (BAU), and providing technical support and platform governance post‐delivery.
• Provide other team members with knowledge transfer and upskilling on PAM.
• Integrate SaaS, Cloud and on‐premises applications with CyberArk as needed.
• Establish and maintain ongoing processes and procedures needed as part of the overarching PAM program, including the PAM standard.
• Act as the senior escalation point for complex PAM tooling issues, working with internal teams (Infrastructure, Support, Networking, Identity) and vendors to resolve issues.
• Collaborate with the Identity team to evaluate emerging platform features and roadmap enhancements, ensuring new capabilities are architected and integrated into the global security stack with a focus on scalability and resilience.
• Create, maintain and update design documentation, technical documentation, service guides and administrative guides for security tooling.
• Provide administrative and overall support of the PAM platform, assisting with upgrades, maintenance, DR testing and management of the platform as a whole.
• Ensure the platform is integrated with on‐prem SIEM solutions and work with the SOC team to define identity and privilege use cases and set up alerting as needed.
• Support the security engineering team with the management of detection and response tooling when required.

Who You Are:

• Senior PAM Engineer/Consultant with 4+ years' experience designing and implementing CyberArk Privilege Cloud in complex enterprise environments.
• Certified as a CyberArk Sentry – Privilege Cloud Engineer or CyberArk Certified Delivery Engineer (CDE).
• Strong understanding of privileged identity lifecycle management, including onboarding Active Directory users and local Windows/Linux administrator accounts.
• Experience integrating CyberArk with Okta for identity lifecycle management and deploying core components such as SIA.
• Broad technical knowledge of Active Directory (including GPO), databases, application servers, operating systems (Windows, Linux, macOS) and network infrastructure.
• Advanced experience in configuring and troubleshooting privileged applications, privileged identity management, and API integrations.
• Experience integrating PAM solutions across hybrid environments including AWS for key and secrets management, SSH and API key management, and reporting.
• Familiarity with integrating load balancing technologies with CyberArk.
• Experience integrating PAM solutions with SIEM solutions.
• Experience implementing and working with identity access management solutions such as Okta, Ping, OneLogin.
• Knowledge of federated authentication protocols such as SAML, OIDC, and OAuth 2.0.
• Strong knowledge of identity access governance tools and processes, security policy, and governance.
• Experience working in geographically dispersed environments.
• Strong communication, presentation, and written skills.
• Strong data analysis skills with intermediate to advanced proficiency in Google Sheets or Excel.
• Experience with SIEM, XDR/EDR, and Vulnerability Management solutions desirable.
• Scripting experience is essential (Python, PowerShell).

Application: Please upload your CV and cover letter/portfolio, which highlights why you'd love to take on this role and why you're a great match for what we're looking for.