Sr. Cloud Security Engineer
Job Summary:The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives.
In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology.
This process includes:
- Analysis of known and emerging threats to determine risks against TWDC assets
- Creation, maintenance, governance and communication of security policies and standards across TWDC
- Assessment and audit of compliance against the security policies and standards
- Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria
Responsibilities:The IT Security Architecture & Engineering team develops and guides technology risk management in collaboration with teams across the company to enable responsive, secure and cost effective solutions.
The Sr. Security Engineer is responsible for evaluating a myriad of deployment scenarios (e.g. on-premises, cloud, hybrid), services, models and technology to ensure they are secure and compliant across The Walt Disney Company (TWDC). This role is highly versatile and technical, gleaning from heavy network engineering, application security and DevSecOps (Development, Security and Operations).
Key responsibilities:
- Provide situation-based support, using in-depth knowledge of TWDC technology, to ensure systems are designed in accordance with and are aligned with Company security requirements; includes architecture assessments, secure development training, and conducting RTOs
- Create, review and present reports, position papers, assessment recaps to team (peers) and next level of leadership within team
- Execute advanced risk and threat analysis activities, leveraging learnings from external and internal cyber trends and incidents
- Develop and document technical solutions that meet specifications and impact future developments (position papers, process flows, requirements, data flows, mapping to controls)
- Identify, select, develop and document architecture artifacts (reference architectures, standards, policies, reusable designs, best practices) across data protection topics
- Lead discussions, assessments, tracking and overall reporting of technology security risks
- Documents issues, solutions and project status
- Understand business drivers and processes to evaluate risk and recommend solutions with a balanced result
- Promote awareness of applicable security policies and standards
- Assist with the maintenance of metrics and scorecards in support of the information security program
Basic Qualifications:
- 5 years’ experience with 3 or more areas including: public cloud, secure application development, virtual network big data, elastic compute, cloud security
- 1-3 years of practical cloud information security experience
- 5-8 years in IT and/or in this specific role
Required Education
- BA/BS in Business or Computer Science or appropriate work experience
- Required - Two or more of the following certifications: CISSP, CCSP, AWS Certified Public Cloud Architect, MCSE Cloud, VMWare VCP6-Cloud, EMCCA (EMC Cloud Architect) or GIAC
Preferred Education
- Masters or other advanced degree preferred
Additional Information:DISNEYTECH