Permanent Espn Engineering Jobs (NOW HIRING)

Title: Sr. Security Engineer

Contract Length: 6 Months. Possibility for extension

Schedule: 4 days onsite Monday – Thursday. 1 Day remote Friday.

Must be USC or GC holder

Must be able to work W2

Locations:

-Orlando, FL: 7055 S Kirkman Rd., 32819
-Burbank, CA: 820 S Flower St., 91502
-Seattle, WA: 925 4th Ave., 98104
-NYC: 7 Hudson Square aka 310 Hudson St., 10013

Team Overview:
We are looking for a Senior Security Engineer (PAM) to join Disney’s Global Information Security - Identity and Access Management (IAM) group. This group is responsible for providing a Core IAM ecosystem of products and platforms in use across the company by cast members, employees, and partners within Disney’s business segments (ESPN, Parks, Studios, Disney Streaming) and corporate functions. Our vision is to provide modern Identity and Access Management capabilities and services that are simple, seamless, and secure to protect our workforce, our data, and our brands..
Must-Haves:
1.) Minimum 5-7 years in Cybersecurity or Identity & Access Management (IAM) **2-3 years need to be focused on Privileged Access Management (PAM)**
2.) Hands-on administration of enterprise PAM platforms such as CyberArk (EPV, PSM, PVWA, CPM, CCP) or CA PAM (Broadcom Privileged Access Manager)
3.) Versed in integrating PAM solutions with enterprise directories (Active Directory, LDAP) and cloud platforms (AWS, Azure, GCP)
4.) Proficient in scripting and automation with PowerShell and/or Python for PAM workflows
5.) Demonstrated experience supporting compliance and audit processes (SOX, PCI-DSS, or similar frameworks)
6.) BS degree in any STEM field (Science, Technology, Engineering, or Mathematics)
Nice-to-Haves:
- Experience with DevOps secrets management tools such as HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault.
- Familiarity with Infrastructure as Code (Terraform) for PAM platform deployment and configuration.
- Experience with SIEM integrations and PAM telemetry for privileged session monitoring.
- Knowledge of Zero Trust architecture principles as applied to privileged access.
- Experience with service account lifecycle management and non-human identity (NHI) programs.
- Relevant certifications such as: CyberArk Defender/Sentry, CompTIA Security+, CISSP, or equivalent are highly desirable.
- Master’s degree in Information Technology, Information Security, Computer Science, or Business related field or equivalent validated work experience
Responsibilities:
- Design, implement, and maintain enterprise PAM solutions including privileged account vaulting, session management, just-in-time access, and secrets management.
- Administer and operate PAM platforms (e.g., CyberArk, CA PAM) across on-premises and cloud environments, ensuring high availability and security policy enforcement.
- Develop and maintain automation for PAM onboarding, account provisioning, rotation, and reconciliation using PowerShell, Python, REST APIs, and Terraform.
- Collaborate with IT, Cloud, DevOps, and application teams to integrate PAM controls into CI/CD pipelines, cloud platforms, and third-party systems.
- Define and enforce privileged account policies aligned with TWDC security standards, regulatory requirements, and industry best practices.
- Lead PAM-related risk assessments, access reviews, and audit response activities.
- Troubleshoot complex PAM platform issues, driving root cause analysis and permanent remediation.
- Mentor junior engineers and contribute to team documentation, runbooks, and architectural standards.
- Identify opportunities to reduce the privileged access attack surface through improved tooling, automation, and process improvements.
- Support knowledge sharing across the PAM team by leading technical discussions, reviewing peers' work, and contributing to team learning initiatives.