Sr Security Engineer
Job Summary: The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando, and each of these locations will be considered for this opportunity.
The Product Security team within Disney Media & Entertainment Distribution (DMED) exists to ensure that our guests are protected and have a magical experience. We protect our guests and the Disney brand by engaging with product development teams at every stage of the product development lifecycle. We assess and influence product design, we analyze applications for flaws that may lead to security issues, and we provide penetration testing to ensure our products are secure.
We are looking to add people to the team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, are passionate about information security, and love their work.
Responsibilities:
- Build, own, and operate enterprise service(s) in support of the program
- Lead and mentor junior engineers by setting a high bar for technical and operational excellence
- Review architecture designs to identify security risks and flaws and provide security architectural recommendations and design best practices for IT and software development projects that cross multiple platforms, and ensure alignment with DMED security architecture
- Review application and infrastructure architecture that covers cloud, container, network, and IAM:
  - Containerized micro-service and serverless architecture with various storage technologies
  - Client-side web and mobile applications
  - Media (transport, DRM, watermark, etc.)
  - CI/CD process
  - Cloud infrastructure architecture and cloud resource configurations
  - Multi-cloud and on-prem architecture, including networking and firewall requirements and design
- Review threat models and provide threat modeling services as part of the security architecture review process
- Summarize and articulate risks identified in security architecture review and threat modeling in business and technical contexts, and log them in the DMED risk register
- Develop security standards and reference architecture documents for relevant technologies and platforms as security best practices and references for IT and software engineering teams
- Assist in planning, developing, implementing, and updating the company’s information security strategy
Basic Qualifications:
- Prior experience working within product/application security or prior development team experience with a security focus
- Ability to break down and communicate technically complex security situations and impacts for a non-technical audience
- Knowledge of public cloud services (AWS, Azure, GCP, etc.)
- Knowledge of IaC (Infrastructure as Code) and supporting technologies (CloudFormation, Terraform, etc.)
- Demonstrated ability to analyze security events, threats and other related data
- Demonstrated knowledge of general security threats, attack vectors, and vulnerabilities
- Scripting experience (Python, Perl, PowerShell, Yara)
- Effective communication skills across all organizational and technological levels
- Demonstrated ability to work in a challenging, dynamic, and fast-paced environment with limited supervision. Candidate should be able to succeed in both independent and collaborative work scenarios
Preferred Qualifications:
- Experience working within product/application security
- Experience developing applications (web, mobile, API) and in-depth knowledge of software development methodologies, CI/CD, and DevSecOps
- Understanding of infrastructure and application architecture with emphasis on security by design
- Demonstrated strong technical capability and experience across a broad range of technical disciplines
- Cloud infrastructure architecture and cloud resources configurations
- Multi-cloud and on-prem architecture, including networking and firewall requirements and design
- Experience building, owning, and operating an enterprise service pertaining to product security
Required Education
- BA/BS in Computer Science, Computer Engineering, Information Systems or Information Security preferred, or equivalent experience
- Security+, CISSP, or other general information security certifications
Preferred Education
- MS in Computer Science, Computer Engineering, Information Systems or Information Security preferred
- Specialized security certifications (GIAC, OSCP, CSSLP, etc.)