The CyberArk Conjur Consultant will support the design and automation of application and service credential lifecycle management, with a primary focus on password rotation and secrets governance. This role ensures that application credentials, service accounts, database passwords, and machine identities are securely stored, automatically rotated, and seamlessly consumed across our hybrid and cloud environments. You will work closely with platform, DevOps, security, and application teams to embed automated credential rotation into CI/CD pipelines, runtime environments, and infrastructure workflows — reducing risk while maintaining operational stability.

Key Responsibilities:

Conjur Enterprise/Cloud — installation, policy-as-code (HCL/YAML), host identity, authenticator configuration (Azure AD, JWT, API key)

CyberArk interop — Synchronizer / Vault-Conjur sync, leveraging existing safes and rotation policies

Conjur CI/CD integrations — Azure DevOps marketplace extension, Summon, REST API retrieval patterns

Secret rotation mechanics for pipeline-consumed credentials (SQL, Azure AD app registrations, API keys, certificates)

HA, DR, and monitoring for the Conjur platform

Audit/compliance — access logging, rotation evidence

Requirements:

Hands-on experience with CyberArk Conjur or CyberArk Secrets Manager, specifically focused on:

Password rotation

Secret lifecycle management

Policy configuration

Experience integrating secrets management into CI/CD pipelines.

Strong understanding of:

Service account management

Credential lifecycle management

Zero Trust and least-privilege principles

Experience with scripting and automation (PowerShell, Bash, Python).

Experience with Infrastructure as Code (Terraform, Ansible, or similar).

Knowledge of Windows/Linux administration and Active Directory.

Experience supporting .NET/C# application teams.

Preferred Qualifications

Experience integrating Conjur with CyberArk Privilege Cloud.

Experience rotating database credentials (SQL Server, Oracle, PostgreSQL).

Experience with Kubernetes-based secret injection.

CyberArk certifications (Conjur or Privilege Cloud).

Experience operating in regulated environments.