Intern, Security Architecture and Engineering Summer 2022
Job Summary:At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts, and a cruise line to sports, news, movies, and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance and protect these exciting experiences.
The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.
In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including a continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:
1. Analysis of known and emerging threats to determine risks against TWDC assets
2. Creation, maintenance, governance, and communication of security policies and standards across TWDC
3. Assessment and audit of compliance against the security policies and standards
4. Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria
We look to add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security and love their work.
Responsibilities:The Professional Intern would participate in a 12-week “road trip” in the Security Architecture - Cloud Security Services group in the following areas: Cloud Security Posture Management, Security Configuration Standards, Monthly Cloud Storage Scans, and AWS Workspaces scans. This position provides the opportunity to use cloud technical knowledge, security experience, and learn from experienced professionals in our team as part of each rotation scope.
Month 1: Cloud Security Posture Management
- Perform evaluation and testing of configuration policy to ensure CSPM tool identifies proper alerts and remediation
- Review enterprise solution out-of-the-box (OOTB) configuration for alignment and gaps with TWDC ISPS and SCS
- Create TWDC custom configuration checks
- Create tests for OOTB and TWDC custom configuration checks
- Test OOTB and TWDC custom configuration checks
Month 2: Security Configuration Standards (SCS)
- Create Cloud SCS – new and refresh by researching CIS, service hardening documentation, and TWDC ISPSo Peer review Cloud SCS, including testing in Cloud environments
- Review SME feedback for applicable changes to SCS draft
- Review SCS with Director for feedback and sign off
- Collaborate with team to publish SCS
·Month 3: Monthly Cloud Storage Scan and Reporting
- Collaborate with team to learn, test, execute monthly storage scanning in AWS, Azure, GCP
- Package analysis for attestation communication
- Collaborate with team members on process improvements to increase the frequency of scan and communications (aka multiple times in a month)
- Collaborate with team to learn, test, execute weekly Amazon Workspaces Report
- Participate in packaging report for communication to ISOs
- Collaborate with team members on process improvements and/or ways to eliminate scan and report
Ongoing:
- Participate in Sprint Planning and team meetings
- Plan, schedule, prepare for, and participate in meetings specific to “road trip” itinerary
- Co-facilitate work sessions, as needed, to complete deliverables specific to “road trip” itinerary
Basic Qualifications:
- Experience and understanding of JSON
- Knowledge of cloud (one or more: AWS, Azure, GCP), cloud security posture management, policy, and other cloud services/processes
- Knowledge and understanding of cloud computing service terminology
- Ability to navigate complex business and organization structure to achieve end results
- Excellent analytical, problem solving, and multi-tasking skills
- Ability to work independently under minimum supervision and be proactive in solving problems
- Ability to work discretely with sensitive data information
- Previous experience in Microsoft Office with O365, Excel, Word, PowerPoint, and Visio, specifically proficiency in creating and maintaining spreadsheets, presentation decks, and process workflows
- Energetic, customer facing, and solution-focused
- Strong verbal and written communication skills. Must be able to pay close attention to complex detail and understand written and oral instructions
- Must be able to organize and schedule work effectively
- Excellent attention to detail
- Self-starter: Strong planning, scheduling, organization, and prioritization skills
- Demonstrated ability to identify, describe, and resolve and/or escalate issues to closure
- Experience working in a fast-paced, high profile, multi-team, multi-work track complex project
Preferred Qualifications:
- Hands-on experience with AWS, Azure, and GCP environments to build and maintain test environments and perform use case simulations to determine risk
Required EducationCurrently enrolled undergraduate student studying cybersecurity, computer science, information systems, or related field at an accredited college/university and returning to school following the internship
Preferred Education
Additional Information:Eligibility Requirements:
•At the time of application, must be enrolled in an accredited college/university taking at least one class in the semester/quarter (spring/fall) prior to participation in the internship program OR currently participating in a Disney College Program or Disney Professional Internship.
•Must be at least 18 years of age.
•Must not have completed one year of continual employment on a Disney internship or program.
•Must possess unrestricted work authorization.
•Must provide full work availability.
•Program Length: The approximate dates of this internship are May/June - August/September 2022. Interns must be fully available for the duration of a 10-12 week assignment.