Sr Security Engineer, Security Assurance
The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives.
GIS teams and positions are located at Disney Hubs: Seattle, WA, Burbank, CA, Orlando, FL and NYC, NY.
The Walt Disney Global Information Security - Assurance Services Pen Testing Team provides a range of solutions to evaluate applications and infrastructure security across TWDC. By simulating an attack from malicious threats, pen testers aim to exploit weaknesses such as improper configurations and hardware and software flaws in order to point out findings that could be exploited in a potential real-world attack.
In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. We look to add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, are passionate about information security and love their work.
Responsibilities :
The Walt Disney Global Information Security - Assurance Services Team’s mission is to deliver expert-level, real world penetration testing to gauge security and privacy controls across The Walt Disney Company. Further, our mission is to build and deliver services, solutions and processes that enable security defects to be found, fixed or avoided before applications are released to production.
We are looking for a candidate who, at a minimum, possesses deep knowledge of web application security assessment skills and also seeks opportunities for their experience and skills to be applied beyond myopic penetration testing activities. If you seek an opportunity to work with some of the sharpest professionals in the field and play a larger role in driving solutions to improve application security at one of the most innovative and advanced technological entertainment companies in the world, then this position might be for you.
• In-depth knowledge of networking protocols and systems administration
• Expert level web application, API’s and network penetration testing skills
• Familiar with penetration testing applications in the major cloud providers
• Experience customizing/developing in-house scripts and tooling
• Penetration Testing Execution Standard Automation Framework (PTES)
• Experience working with assessments tools/frameworks OWASP ZAP, Burp Suite, NMAP, Mass Scan, Nessus, Metasploit, Mimikatz, Tenable IO, Qualys, Kali Linux, SQLMap and manual tools
Basic Qualifications :
- 3 years in Information Security Field
- Experience working with one scripting and development languages like Bash, Powershell, Python, Perl, Ruby, PHP, C/C++,C#, or Java
- In-depth knowledge of operating systems (Unix/Linux, Windows, and Mac)
- GPEN - GIAC Penetration Tester
Preferred Qualifications:
- 5 years in Information Security Field
- Expert level working with multiple scripting and development languages like Bash, Powershell, Python, Perl, Ruby, PHP, C/C++,C#, or Java
- Creation of custom testing tools and frameworks.
One of the following:
- OSCP - Offensive Security Certified
- OSWE - Offensive Security Web Expert
- GXPN - Exploit Researcher and Advanced Penetration
- OSED – Exploit Developer
- OSEP – Experienced pen tester
Additional Information :
DISNEYTECH
#LI-JP4