Senior Security Engineer (PAM)

We are looking for a Senior Security Engineer - PAM to join the Global Information Security - Identity and Access Management (IAM) group. This group is responsible for providing a Core IAM ecosystem of products and platforms in use across the company by cast members, employees, and partners within our business segments (Sports, Parks, Studios, Streaming) and corporate functions. Our vision is to provide modern Identity and Access Management capabilities and services that are simple, seamless, and secure to protect our workforce, our data, and our brands.

What You'll Do:

• Design, implement, and maintain enterprise PAM solutions including privileged account vaulting, session management, just-in-time access, and secrets management.
• Administer and operate PAM platforms (e.g., CyberArk, CA PAM) across on-premises and cloud environments, ensuring high availability and security policy enforcement.
• Develop and maintain automation for PAM onboarding, account provisioning, rotation, and reconciliation using PowerShell, Python, REST APIs, and Terraform.
• Collaborate with IT, Cloud, DevOps, and application teams to integrate PAM controls into CI/CD pipelines, cloud platforms, and third-party systems.
• Define and enforce privileged account policies aligned with security standards, regulatory requirements, and industry best practices.
• Lead PAM-related risk assessments, access reviews, and audit response activities.
• Troubleshoot complex PAM platform issues, driving root cause analysis and permanent remediation.
• Mentor junior engineers and contribute to team documentation, runbooks, and architectural standards.
• Identify opportunities to reduce the privileged access attack surface through improved tooling, automation, and process improvements.
• Support knowledge sharing across the PAM team by leading technical discussions, reviewing peers' work, and contributing to team learning initiatives.

Do you have experience in SSH?, Do you have a Bachelor's degree?, * Minimum of 5+ years of experience in cybersecurity or identity and access management, with at least 3 years focused on Privileged Access Management.

• Hands-on experience administering enterprise PAM platforms such as CyberArk (EPV, PSM, PVWA, CPM, CCP) or CA PAM (Broadcom Privileged Access Manager).
• Proficiency in scripting and automation with PowerShell and/or Python for PAM workflows.
• Experience integrating PAM solutions with enterprise directories (Active Directory, LDAP) and cloud platforms (AWS, Azure, GCP).
• Strong understanding of PAM concepts: credential vaulting, session recording, just-in-time access, least privilege, secrets management, and SSH key management.
• Demonstrated experience supporting compliance and audit processes (SOX, PCI-DSS, or similar frameworks).
• Ability to work effectively across cross-functional teams in a large enterprise environment., * Experience with DevOps secrets management tools such as HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault.
• Familiarity with Infrastructure as Code (Terraform) for PAM platform deployment and configuration.
• Experience with SIEM integrations and PAM telemetry for privileged session monitoring.
• Knowledge of Zero Trust architecture principles as applied to privileged access.
• Experience with service account lifecycle management and non-human identity (NHI) programs.
• Relevant certifications such as: CyberArk Defender/Sentry, CompTIA Security+, CISSP, or equivalent are highly desirable.
• Master's degree in Information Technology, Information Security, Computer Science, or Business related field or equivalent validated work experience

Required Education: BA/BS Degree Comp Sci/IS or related field

4.44.4 out of 5 stars Burbank, CA 91521 Hybrid work $90 - $97 an hour - Contract, Pulled from the full job description

• AD&D insurance
• Health insurance
• 401(k) matching
• Vision insurance
• Dental insurance
• Life insurance
• Disability insurance