Sr. Security Engineer - PAM - No H-1B or C2C

We are looking for a Senior Security Engineer - PAM to join Company’s Global Information Security - Identity and Access Management (IAM) group. This group is responsible for providing a Core IAM ecosystem of products and platforms in use across the company by cast members, employees, and partners within Company’s business segments and corporate functions. Our vision is to provide modern Identity and Access Management capabilities and services that are simple, seamless, and secure to protect our workforce, our data, and our brands.

• Design, implement, and maintain enterprise PAM solutions including privileged account vaulting, session management, just-in-time access, and secrets management.
• Administer and operate PAM platforms (e.g., Cyber Ark, CA PAM) across on-premises and cloud environments, ensuring high availability and security policy enforcement.
• Develop and maintain automation for PAM onboarding, account provisioning, rotation, and reconciliation using Power Shell, Python, REST APIs, and Terraform.
• Collaborate with IT, Cloud, Dev Ops, and application teams to integrate PAM controls into CI/CD pipelines, cloud platforms, and third-party systems.
• Define and enforce privileged account policies aligned with TWDC security standards, regulatory requirements, and industry best practices.
• Lead PAM-related risk assessments, access reviews, and audit response activities.
• Troubleshoot complex PAM platform issues, driving root cause analysis and permanent remediation.
• Mentor junior engineers and contribute to team documentation, runbooks, and architectural standards.
• Identify opportunities to reduce the privileged access attack surface through improved tooling, automation, and process improvements.
• Support knowledge sharing across the PAM team by leading technical discussions, reviewing peers' work, and contributing to team learning initiatives.

• Minimum of 5+ years of experience in cybersecurity or identity and access management, with at least 3 years focused on Privileged Access Management.
• Hands‑on experience administering enterprise PAM platforms such as Cyber Ark (EPV, PSM, PVWA, CPM, CCP) or CA PAM (Broadcom Privileged Access Manager).
• Proficiency in scripting and automation with Power Shell and/or Python for PAM workflows.
• Experience integrating PAM solutions with enterprise directories (Active Directory, LDAP) and cloud platforms (AWS, Azure, GCP).
• Strong understanding of PAM concepts: credential vaulting, session recording, just‑in‑time access, least privilege, secrets management, and SSH key management.
• Demonstrated experience supporting compliance and audit processes (SOX, PCI‑DSS, or similar frameworks).
• Ability to work effectively across cross‑functional teams in a large enterprise environment.

• Experience with Dev Ops secrets management tools such as Hashi Corp Vault, AWS Secrets Manager, or Azure Key Vault.
• Familiarity with Infrastructure as Code (Terraform) for PAM platform deployment and configuration.
• Experience with SIEM integrations and PAM telemetry for privileged session monitoring.
• Knowledge of Zero Trust architecture principles as applied to privileged access.
• Experience with service account lifecycle management and non‑human identity (NHI) programs.
• Relevant certifications such as:
  Cyber Ark Defender/Sentry, CompTIA Security+, CISSP, or equivalent are highly desirable.
• Master’s degree in Information Technology, Information Security, Computer Science, or Business related field or equivalent validated work experience

BA/BS Degree Comp Sci/IS or related field

• Any Tech Hub - Orlando/Burbank/Seattle/NY Must be 4x onsite a week.