Senior Security Engineer; PAM

Job Details

Software Resources has an immediate, contract opportunity for a Senior Security Engineer - PAM with a major media corporation. Locations:
Burbank, CA;
Seattle, WA; or New York City. The role requires 4 on‑site days per week.

Contract:

6+ months

Pay Rate: $90 – $97 per hour, DOE

We are looking for a Senior Security Engineer - PAM to join the Global Information Security - Identity and Access Management (IAM) group. This group is responsible for providing a core IAM ecosystem of products and platforms used across the company by cast members, employees and partners in our business segments (Sports, Parks, Studios, Streaming) and corporate functions. Our vision is to provide modern Identity and Access Management capabilities and services that are simple, seamless and secure to protect our workforce, data and brands.

• Design, implement and maintain enterprise PAM solutions including privileged account vaulting, session management, just‑in‑time access and secrets management.
• Administer and operate PAM platforms (e.g., Cyber Ark, CA PAM) across on‑premises and cloud environments, ensuring high availability and security policy enforcement.
• Develop and maintain automation for PAM onboarding, account provisioning, rotation and reconciliation using Power Shell, Python, REST APIs and Terraform.
• Collaborate with IT, Cloud, Dev Ops and application teams to integrate PAM controls into CI/CD pipelines, cloud platforms and third‑party systems.
• Define and enforce privileged account policies aligned with security standards, regulatory requirements and industry best practices.
• Lead PAM‑related risk assessments, access reviews and audit response activities.
• Troubleshoot complex PAM platform issues, driving root cause analysis and permanent remediation.
• Mentor junior engineers and contribute to team documentation, runbooks and architectural standards.
• Identify opportunities to reduce the privileged access attack surface through improved tooling, automation and process improvements.
• Support knowledge sharing across the PAM team by leading technical discussions, reviewing peers’ work and contributing to team learning initiatives.

• Minimum 5+ years of experience in cybersecurity or identity and access management, with at least 3 years focused on Privileged Access Management.
• Hands‑on experience administering enterprise PAM platforms such as Cyber Ark (EPV, PSM, PVWA, CPM, CCP) or CA PAM (Broadcom Privileged Access Manager).
• Proficiency in scripting and automation with Power Shell and/or Python for PAM workflows.
• Experience integrating PAM solutions with enterprise directories (Active Directory, LDAP) and cloud platforms (AWS, Azure, GCP).
• Strong understanding of PAM concepts: credential vaulting, session recording, just‑in‑time access, least privilege, secrets management and SSH key management.
• Demonstrated experience supporting compliance and audit processes (SOX, PCI‑DSS or similar frameworks).
• Ability to work effectively across cross‑functional teams in a large enterprise environment.

• Experience with Dev Ops secrets management tools such as Hashi Corp Vault, AWS Secrets Manager or Azure Key Vault.
• Familiarity with Infrastructure as Code (Terraform) for PAM platform deployment and configuration.
• Experience with SIEM integrations and PAM telemetry for privileged session monitoring.
• Knowledge of Zero Trust architecture principles as applied to privileged access.
• Experience with service account lifecycle management and non‑human identity (NHI) programs.
• Relevant certifications such as Cyber Ark Defender/Sentry, CompTIA Security+, CISSP or equivalent.
• Master's degree in Information Technology, Information Security, Computer Science or Business related field or equivalent validated work experience.

BA/BS Degree in Computer Science, Information Systems or related field.