Telstra

Senior Security Engineer - Privileged Access Management (PAM)

Australia (Flexible) Full time

Employment Type

Permanent

Closing Date

8 May 2026 11:59pm

Job Description

Role Purpose

As a Senior Security Engineer – Privileged Access Management, you are the strategic authority for the PAM domain across the organisation. You provide architectural leadership, set technical direction, and influence security outcomes by shaping how privileged access, secrets, and elevated identities are governed, designed, and protected across enterprise and cloud environments.

This role moves beyond platform administration. You will define PAM strategy, architecture, and maturity uplift, working across engineering, operations, risk, and the business to ensure privileged access controls align with Zero Trust principles, regulatory expectations, and an evolving threat landscape.

You will act as a trusted advisor to senior technology leaders, guide vendor strategy across industry-leading PAM solutions, and ensure PAM capabilities are embedded secure-by-design across infrastructure, applications, and platforms — with a strong focus on automation, measurable control uplift, and operational optimisation.

What Success Looks Like (outcomes)

  • A clear PAM target-state architecture and multi-year roadmap are agreed with Security, Infrastructure, Cloud, and Risk — including prioritised control uplift, platform strategy, and a decommission plan where relevant.
  • Privileged identities (human and non-human) are reduced, rationalised, and governed: fewer standing privileges, stronger segregation of duties, and measurable reductions in unmanaged service accounts and secrets sprawl.
  • PAM is embedded into delivery: engineering teams can adopt secure privileged access and secrets patterns via reusable templates, automation, and reference designs (not bespoke, manual processes).
  • Improved detection and response for privileged activity: high-quality logging, correlation, and alerting are in place, with clear playbooks and reduced time-to-detect/time-to-contain for privilege-related incidents.
  • Audit and assurance are easier: control evidence is repeatable and largely automated, with timely access reviews and fewer audit findings relating to privileged access.

Automation & AI Expectations

  • Drive a high-automation PAM operating model: onboarding, access requests/approvals, vaulting, rotation, session recording, and offboarding should be automated wherever possible via APIs, workflows, and infrastructure-as-code.
  • Partner with platform and DevSecOps teams to standardise secrets management patterns (e.g., dynamic secrets, automated rotation, short-lived credentials, workload identity) and publish reusable, secure-by-default patterns (templates/reference implementations).
  • Use analytics and (where appropriate) AI-enabled capabilities to improve detection and prioritisation of privileged-risk signals (e.g., anomalous privileged behaviour, impossible travel, privilege escalation patterns), while ensuring human-in-the-loop decisioning for high-impact actions.
  • Optimise reporting and assurance through automation (control dashboards, evidence collection, access review packs), reducing manual effort and improving timeliness and accuracy.
  • Apply responsible AI/security guardrails: protect sensitive credentials and logs, ensure data handling complies with policy, and validate outputs before actioning changes.

What You’ll Do

PAM Domain Leadership & Strategy

  • Own and lead the Privileged Access Management domain vision, defining target state architecture, control standards, and maturity roadmaps across on‑prem, cloud, SaaS, and hybrid environments.
  • Provide technical governance for PAM, ensuring solutions meet security, compliance, resilience, and user‑experience expectations.
  • Shape PAM capability uplift in line with Zero Trust, identity‑centric security, and modern infrastructure patterns.

Architecture & Secure‑by‑Design Enablement

  • Design PAM architectures that support workloads, platforms, automation, and DevSecOps pipelines — ensuring privileged access and secrets are protected end-to-end across the technology lifecycle.
  • Embed PAM controls into solution designs, reference architectures, and engineering standards, influencing delivery teams early rather than post‑implementation.
  • Ensure PAM integrates seamlessly with identity providers, MFA, logging and detection (SIEM/SOAR), ticketing/workflow, and monitoring solutions — enabling automated approvals, strong audit trails, and actionable telemetry.

Technology & Vendor Direction

  • Act as a domain expert across industry‑leading PAM solutions, including (but not limited to) CyberArk, BeyondTrust, and cloud‑native PAM services.
  • Guide vendor evaluation, capability comparison, and roadmap alignment, ensuring technology decisions are outcome‑driven rather than tool‑led.
  • Oversee vendor performance and technical delivery outcomes without being locked into a single platform’s operational detail.

Risk, Compliance & Assurance

  • Translate regulatory and control requirements (e.g. Essential Eight, ISO 27001, NIST) into pragmatic PAM design patterns and control enforcement.
  • Lead security risk assessments related to privileged access, secrets sprawl, service accounts, and automation identities.
  • Support audits, access reviews, and assurance activities through clear architecture, evidence‑based controls, and strong documentation.

Operational Influence & Incident Support

  • Partner closely with operations teams as an engineering escalation point for complex PAM-related incidents or systemic issues, and contribute to an on-call roster as required (with a focus on high-severity and problem management rather than routine administration).
  • Contribute to incident response, root cause analysis, and post‑incident improvements where privileged access is a contributing factor.
  • Drive continuous improvement by identifying recurring operational pain points and engineering them out through better design.

Leadership Capability

  • Mentor and uplift engineers across security and platform teams, building PAM capability and reducing reliance on tribal knowledge.
  • Influence senior stakeholders through clear, confident communication, translating technical risk into business impact.
  • Promote a culture of security ownership, automation, and continual improvement across the PAM ecosystem.

What You Bring

Core Expertise

  • Deep experience in Privileged Access Management, secrets management, and identity security architecture across enterprise environments.
  • Strong understanding of Zero Trust architectures across cloud and on‑prem platforms.
  • Proven ability to design scalable, resilient, and reusable security controls aligned to modern engineering practices.

Technical Breadth

  • Hands‑on familiarity with industry‑leading PAM technologies (such as CyberArk, BeyondTrust, and cloud‑native PAM services).
  • Experience integrating PAM solutions with identity providers, MFA, logging/SIEM, ticketing systems, monitoring, and automation frameworks.
  • Strong knowledge of infrastructure-as-code, APIs, and automation concepts used to embed security into delivery pipelines (e.g., Terraform/CloudFormation, CI/CD integration, workflow automation).
  • Experience using data/telemetry to improve privileged access outcomes (dashboards, trend analysis, anomaly detection, and/or AI-assisted triage), with an understanding of limitations, bias, and validation requirements.

Strategic & Leadership Capability

  • Demonstrated ability to operate as a domain lead, setting direction rather than only delivering tasks.
  • Strong stakeholder engagement skills — able to influence engineers, architects, vendors, and executives.
  • Comfortable balancing security risk, operational realities, and user experience.

Why This Role Matters

This role is critical to reducing systemic risk associated with privileged access, one of the most consistently exploited attack paths. You will not just run tools — you will shape how the organisation thinks about, designs, and governs privilege.

We're amongst the top 2% of companies globally in the CDP Global Climate Change Index 2023, being awarded an 'A' rating. If you want to work for a company that cares about sustainability, we want to hear from you.


As part of your application with Telstra, you may receive communications from us on +61 440 135 548 (for job applications in Australia) and +1 (623) 400-7726 (for job applications in the Philippines and India).

When you join our team, you become part of a welcoming and inclusive community where everyone is respected, valued and celebrated. We actively seek individuals from various backgrounds, ethnicities, genders and disabilities because we know that diversity not only strengthens our team but also enriches our work. We have zero tolerance for harassment of any kind, and we prioritise creating a workplace culture where everyone is safe and can thrive.

As part of the hiring process, all identified candidates will undergo a background check, and the results will play a role in the final decision regarding your application.

We work flexibly at Telstra. Talk to us about what flexibility means to you. When you apply, you can share your pronouns and / or any reasonable adjustments needed to take part equitably during the recruitment process.

We are aware of current limitations with our website accessibility and are working towards improving this. Should you experience any issues accessing information or the application form, and require this in an alternate format, please contact our Talent Acquisition team via the contact details found at www.telstra.com.au/careers/diversity-equity-and-inclusion/disability-employment