At afarax, we connect top freelance IT professionals with high-impact projects. We are currently seeking an experienced CyberArk Expert to support one of our clients in the cybersecurity domain. This role offers the opportunity to lead a complex migration from CyberArk On-Prem to SaaS while shaping the target architecture and operational model.

The Mission

You will assess the existing CyberArk environment, design the target SaaS architecture, define the migration strategy, and execute onboarding and migration activities. You will also document procedures and ensure knowledge transfer to operational teams.

Key Responsibilities

Analysis & Scoping

• Conduct a full assessment of the existing CyberArk On-Prem environment.

• Identify accounts, safes, policies, PSM flows, and dependencies.

• Analyse organizational and operational constraints.

• Define the migration perimeter: privileged accounts, sensitive systems, integrated applications.

Target SaaS Architecture

• Analyse the current CyberArk SaaS architecture.

• Define integration patterns: connectors, gateways, bastions.

• Analyse functional gaps between On-Prem and SaaS (PSM vs Secure Web Sessions, CPM vs SaaS Credential Management).

Migration Strategy

• Build a migration roadmap including prioritisation, risks, and rollback plans.

• Select and configure CyberArk tools:

  • DNA Scanner (Discovery & Audit)

  • AIM / ASCP for application access

  • Account Migration Tooling or custom API scripts

  • Connector Builder if needed

• Define onboarding workflows for SaaS.

Migration Execution

• Implement connectors between the environment and the SaaS platform.

• Progressively onboard privileged accounts into CyberArk SaaS.

• Migrate PSM policies, session recording, and access paths.

• Migrate CPM mechanisms or equivalent SaaS password rotation features.

• Perform full testing: access, sessions, secret rotation, audit, reporting.

Documentation & Processes

• Produce operational documentation:

  • Target architecture

  • Onboarding/offboarding procedures

  • Migration guides

  • PAM access & incident management procedures

  • Runbooks for operations

• Update internal documentation for teams.

Knowledge Transfer & Support

• Deliver training workshops for teams.

• Provide post-migration support during stabilization.

Deliverables

• Existing platform analysis

• Validated migration strategy

• Scripts, configurations, and connectors

• Complete documentation (processes, runbooks, procedures)

• Final report with recommendations

Your Profile

• Strong experience in PAM migrations (Discovery & Classification, Connector Deployment, Secure Web Sessions, Alero, Conjur, EPM).

• Proven experience in provisioning and onboarding privileged accounts.

• Proven hands-on experience with CyberArk SaaS (Identity Security Platform / PAM-as-a-Service).

• Proven experience in risk analysis, compliance, and security audits.

• Deep experience with CyberArk On-Prem (PVWA, PSM, CPM, Vault).

• Strong skills in automation: CyberArk REST API, PowerShell, Python.

• Experience managing PAM projects and driving change.

• Strong background in hardening, segmentation, Zero Trust, bastions.

• Experience integrating with Active Directory, Azure AD, SIEM, IAM.

• Proven ability to write technical documentation, procedures, and runbooks.

Why Work with afarax?

• Access to exclusive freelance opportunities aligned with your expertise.

• Support and guidance throughout your project.

• Opportunity to work on strategic PAM and cybersecurity initiatives.

• A long-term partnership where your expertise is recognized and valued.

Discover more freelance opportunities at afarax.be/jobs