Sr Staff Security Engineer
Job Summary:The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.
In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:
1. Analysis of known and emerging threats to determine risks against TWDC assets
2. Creation, maintenance, governance and communication of security policies and standards across TWDC
3. Assessment and audit of compliance against the security policies and standards
4. Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria
We look add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security and love their work.
Responsibilities:This role will provide Operational Security leadership and support to The Walt Disney Studios with the mission of protecting Studios’ Pre-Release Content.
The Sr Staff Security Engineer is responsible for:
- Provides situation based support, using in-depth knowledge of TWDC technology, to ensure systems are designed in accordance with and are aligned with Company information security policies and standards.
- Balances operational work 10% of the day, 90% project deliverables to help meet assigned team deliverables.
- Drives the design, implementation, and documentation of new security tools.
- Collaborates with other internal information technology teams (networking, cloud, traditional architecture, developers, and data scientists) to support internal and external systems.
- Information security tools, such as the SIEM (Logstash, Splunk, GrayLog, etc.);
- Clearly documents designed automation and system relationships and operational guidelines.
- Ability to create security operations processes and workflows.
- Remains current on industry trends in cyber risk with industry standards (ISO 27001/2, NIST, CIS) and regulatory requirements.
- Creates, reviews and presents reports, position papers, assessment recaps to team (peers) and next level of leadership within team
- Executes advanced risk and threat analysis activities, leveraging learnings from external and internal cyber trends and incidents
- Researches, learns and assesses new technologies
- Assists with the maintenance of metrics and scorecards in support of the information security program
- Facilitate vulnerability management program across various systems, network, and engineering groups
- Evaluate current policies, provide risk analysis, and security reviews that will safeguard digital files and vital electronic systems
- Partner with Global Information Security, Studios Content Security, Systems and Network teams to develop, test, deploy, and operationalize security monitoring, assessment, and response solutions
- Partner with architecture and engineering teams in design review, and execution of solutions that protect the intellectual property of the Walt Disney Studios
- Prepare, review, and present reports (e.g., penetration test results, incident response metrics, forensics, exceptions, risks) to team (peers) and leadership
- Interact with internal and external customers on security-related projects and operational tasks in addition to presenting findings to senior leadership
Basic Qualifications:
- 6-10 Years of Experience in cybersecurity and cloud infrastructure engineering/architecture.
- System admin - Red Hat Linux/Unix, Windows – Experience and knowledge is mandatory
- UNIX/Linux administration, troubleshooting, performance tuning, & security.
- Microsoft Active Directory, Windows Server administration, troubleshooting, performance tuning, & security
- Detailed understanding of TCP/IP and related communication protocols, Windows authentication mechanisms (Kerberos, NTLM, AD), networking
- Demonstrated experience in creating conceptual, logical and physical security diagrams, thorough understanding of vulnerabilities and countermeasures
- Experience with both commercial and open source security and vulnerability detection tools (e.g., Tenable, Qualys, Aquasec, Prisma).
- Multiple scripting languages in your toolbox (e.g., Python, GO, Perl, Swift)
- Demonstrated experience in creating conceptual, logical and physical security diagrams, thorough understanding of vulnerabilities and countermeasures
- Experience with NGAV tools such as CrowdStrike.
- Information security technology/compliance experience (e.g., Sarbanes-Oxley, NERC CIP, MPAA Content Security, PCI, PII, GDPR)
- Ability to manage multiple priorities and work effectively in a fast-paced, high volume, results driven environment
- Excellent written and verbal communication skills including documentation and reporting
- Exceptional analytical and problem-solving skills
- Ability to establish credibility and working relationships with a wide range of personnel including operations, management and legal staff
- Strong organizational and time management skills
- Professional Certifications: CISSP, CCSP, CCSK, Cloud+, CEH, Pentest+, GSEC, GCIH, MCSE, VCP, GPEN, OSCP
Required EducationBA/BS in business or computer science or appropriate work experience
Additional Information:DISNEYTECH