Senior Security Engineer - Threat Hunting

Department Description:

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to:

• Secure the Magic by protecting information systems and platforms.
• Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests.
• Strengthen the business through optimizing execution, application, and technology used to protect the Company.
• Innovate by investing in core capabilities to enhance operational efficiency.

Team Description:

We are seeking a skilled and experienced Senior Security Engineer with a specialization in threat hunting to join our GIS Anomaly Detection Team. In this role, you will be responsible for proactively identifying and mitigating security threats across the enterprise. Your expertise in threat hunting will be crucial in detecting anomalous and malicious activities before they can impact our systems and data. You will work closely with various teams to develop and refine security measures and contribute to the enhancement of the company’s overall security posture.

Key Responsibilities:

• Threat Hunting: Lead and execute advanced threat hunting initiatives to proactively identify and investigate potential security threats, vulnerabilities, and malicious activities within the enterprise environment.
• Detection and Analysis: Utilize advanced tools and techniques to analyze security data, detect anomalies, and assess potential threats.
• Rule Development: Work closely with the threat detection team to create and enhance security rules and detection signatures. Focus on developing use cases for comprehensive threat detection and ensure the automation of detection processes to improve efficiency and accuracy.
• Cyber Threat Intelligence Collaboration: Partner with the CTI team to integrate threat intelligence into detection and hunting processes. Use threat intelligence to inform and enhance threat hunting activities, identify trends, and adapt strategies to emerging threats.
• Incident Response: Collaborate with the incident response team to provide expert analysis and recommendations during security incidents. Contribute to the development of incident response plans and procedures.
• Collaboration: Work closely with various departments and segments to enhance security measures and ensure a unified approach to threat detection and response. Collaborate via various means, including but not limited to messaging, email, and video calls. Share insights and findings to improve overall security posture and stay up-to-date with cybersecurity trends. Propose improvements to security practices and tools.
• Continuous Improvement: Stay up-to-date with the latest cybersecurity trends, threat intelligence, and emerging technologies. Propose and implement improvements to security practices and tools based on evolving threat landscapes.
• Documentation and Reporting: Maintain comprehensive documentation of threat hunting activities, findings, and recommendations. Prepare detailed reports for stakeholders and management.

Must Haves:

• 5+ years of experience with a focus on threat hunting or incident response.
• Experience working with large enterprises or cybersecurity firms.
• Solid understanding of cybersecurity frameworks and standards (e.g., MITRE ATT&CK, NIST).
• Proficiency in at least one scripting language (e.g., Python, PowerShell, Bash).
• Experience with threat intelligence platforms and SIEM systems.
• Familiarity with endpoint detection and response (EDR) tools.
• Basic knowledge of network traffic and Operating System analysis.
• Good analytical and problem-solving skills.
• Effective communication skills for conveying findings to technical and non-technical stakeholders.
• Relevant certifications or equivalent training, such as CISSP (Certified Information Systems Security Professional) or GIAC GCIH (GIAC Certified Incident Handler).

Nice To Haves:

• 5 years of experience in cybersecurity, with a significant focus on threat hunting, incident response, and advanced persistent threat (APT) investigations.
• Proven track record in leading threat hunting teams or projects within large enterprises or specialized cybersecurity firms.
• Optional: Experience in red teaming operations, including penetration testing and vulnerability assessments.
• Deep understanding and practical application of multiple cybersecurity frameworks and standards (e.g., MITRE ATT&CK, NIST).
• Proficiency in at least one scripting language (e.g., Python, PowerShell, Bash).
• Expertise in using and integrating various threat intelligence platforms, SIEM systems, and EDR tools.
• Experience in kill chain analysis, network traffic analysis, Active Directory and Operating System analysis.
• Experience with cloud security and securing cloud environments (e.g., AWS, Azure, Google Cloud).
• Excellent problem-solving skills with a strategic approach to complex security challenges.
• Exceptional communication and leadership skills, with the ability to mentor junior team members and present findings to executive leadership.
• Relevant certifications such as CISSP (Certified Information Systems Security Professional) or GIAC GCIH (GIAC Certified Incident Handler).
• Additional training in advanced threat hunting methodologies and cybersecurity tools.

Education:

• Bachelor’s degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience

The hiring range for this remote position is $138,500 to $185,600 per year, which factors in various geographic regions. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.