Lead Security Specialist – SIEM Operations
Job Summary:
The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.
In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology.
This process includes:
1. Analysis of known and emerging threats to determine risks against TWDC assets
2. Creation, maintenance, governance and communication of security policies and standards across TWDC
3. Assessment and audit of compliance against the security policies and standards
4. Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria
Responsibilities:
The Lead Security Specialist – SIEM Operations is a technical leader who is passionate about security and who will help drive adoption of security best practices and work closely with management, other security staff members, the Security Operations Center (SOC), the Incident Response (IR) team and other internal organizations. The role provides security expertise and technical leadership and serves as the subject matter expert for SIEM-related activities covering both traditional and virtual environments.
- Experience with Splunk Enterprise 7.x or higher and Splunk Enterprise Security 5.x
- Extensive experience working with major cloud environments (i.e. AWS, Azure, GCP)
- Perform rudimentary software engineering tasks: code/troubleshoot/optimize
- Modify/Optimize existing code base (i.e. bash/Python)
- Integrate systems management automation to improve workflows (i.e. Terraform, Chef, Ansible)
- Grow capabilities through architecting integrations of security tools and data sources
- Assist with creation and maintenance of operational security metrics via efficient methods (i.e. dashboards, reports)
- Proactively track security trends, standards, and practices to identify needs for enhancing or developing security solutions
- Identify security considerations for design and deployment of new applications, technologies, and solutions
- Participate in on-call rotation
Basic Qualifications:
- Minimum 3 years technical leadership experience in large global organizations
- Minimum 7-10 years security operations experience in large global organizations
- Minimum 2 years Splunk
- Minimum 5-7 years SIEM operations
Required Education
- BA/BS in Business or Computer Science or appropriate work experience
Preferred Education
- Master's or other advanced degree preferred
- Prefer one of the following general certifications: CISSP, CISM, CISA or equivalent
- Prefer an application-specific certification: Splunk Certified Admin or IBM Certified Associate Administrator - Security QRadar SIEM
- Prefer an AWS Operations or Security certification
Additional Information: DISNEYTECH