Sr. Security Engineer[Hybrid] W2 Role

Title: Sr. Security Engineer

Contract Length: 6 Months. Possibility for extension

Schedule: 4 days onsite Monday Thursday. 1 Day remote Friday.

Must be USC or GC holder

Must be able to work W2

Locations:

-Orlando FL: 7055 S Kirkman Rd. 32819
-Burbank CA: 820 S Flower St. 91502
-Seattle WA: 925 4th Ave. 98104
-NYC: 7 Hudson Square aka 310 Hudson St. 10013

Team Overview:

We are looking for a Senior Security Engineer (PAM) to join Disneys Global Information Security - Identity and Access Management (IAM) group. This group is responsible for providing a Core IAM ecosystem of products and platforms in use across the company by cast members employees and partners within Disneys business segments (ESPN Parks Studios Disney Streaming) and corporate functions. Our vision is to provide modern Identity and Access Management capabilities and services that are simple seamless and secure to protect our workforce our data and our brands..


Must-Haves:

1.) Minimum 5-7 years in Cybersecurity or Identity & Access Management (IAM) **2-3 years need to be focused on Privileged Access Management (PAM)**
2.) Hands-on administration of enterprise PAM platforms such as CyberArk (EPV PSM PVWA CPM CCP) or CA PAM (Broadcom Privileged Access Manager)
3.) Versed in integrating PAM solutions with enterprise directories (Active Directory LDAP) and cloud platforms (AWS Azure GCP)
4.) Proficient in scripting and automation with PowerShell and/or Python for PAM workflows
5.) Demonstrated experience supporting compliance and audit processes (SOX PCI-DSS or similar frameworks)
6.) BS degree in any STEM field (Science Technology Engineering or Mathematics)

Nice-to-Haves:

- Experience with DevOps secrets management tools such as HashiCorp Vault AWS Secrets Manager or Azure Key Vault.
- Familiarity with Infrastructure as Code (Terraform) for PAM platform deployment and configuration.
- Experience with SIEM integrations and PAM telemetry for privileged session monitoring.
- Knowledge of Zero Trust architecture principles as applied to privileged access.
- Experience with service account lifecycle management and non-human identity (NHI) programs.
- Relevant certifications such as: CyberArk Defender/Sentry CompTIA Security CISSP or equivalent are highly desirable.
- Masters degree in Information Technology Information Security Computer Science or Business related field or equivalent validated work experience


Responsibilities:

- Design implement and maintain enterprise PAM solutions including privileged account vaulting session management just-in-time access and secrets management.
- Administer and operate PAM platforms (e.g. CyberArk CA PAM) across on-premises and cloud environments ensuring high availability and security policy enforcement.
- Develop and maintain automation for PAM onboarding account provisioning rotation and reconciliation using PowerShell Python REST APIs and Terraform.
- Collaborate with IT Cloud DevOps and application teams to integrate PAM controls into CI/CD pipelines cloud platforms and third-party systems.
- Define and enforce privileged account policies aligned with TWDC security standards regulatory requirements and industry best practices.
- Lead PAM-related risk assessments access reviews and audit response activities.
- Troubleshoot complex PAM platform issues driving root cause analysis and permanent remediation.
- Mentor junior engineers and contribute to team documentation runbooks and architectural standards.
- Identify opportunities to reduce the privileged access attack surface through improved tooling automation and process improvements.
- Support knowledge sharing across the PAM team by leading technical discussions reviewing peers work and contributing to team learning initiatives.