Staff Security Engineer - Security Architecture & Engineering (Project Hire)

We are defenders of the magic, waging an epic battle to ­­­­­­safeguard our franchises, protect our people, and ensure the world’s most admired entertainment company is not impacted by cybersecurity threats. The Walt Disney Company is scouring the known talent universe to find security engineers desiring to join our Studios Cyber Team. This position builds and operates systems that provide stay-secure capabilities to our Studio customers. We are partners in protecting Disney’s highly respected portfolio including Marvel Studios, Pixar Animation Studios, Lucasfilm, Disney Live Action Films, Walt Disney Animation Studios, Searchlight Pictures, and 20th Century Studios.

To exceed the expectations of our versatile, creative partners, we need highly motivated, professionals who are passionate about finding new ways to deliver best-in-class cybersecurity capabilities. The Staff Security Engineer - Security Architecture & Engineering role is part of a team that is responsible for validating our content creation and delivery platforms, services, applications, workflows, and websites are designed and implemented to the highest security standards. You will be responsible for assisting in the secure design and analysis of on-premise and cloud-based infrastructure and applications where studio content is produced. This is a deeply technical role, requiring a solid grasp and experience implementing a variety of cloud infrastructure solutions and services, as well as network security, identity, cyber security, privileged access, and related technologies, using solid design principles.

Areas of Responsibilities

• Conduct security architecture and design reviews of high-impact applications including both internally developed applications and 3rd party managed applications.
• Lead in-depth security assessments of sophisticated workflows spanning multiple applications, performing and/or coordinating multiple security assessment workstreams such as threat modeling, penetration testing, DAST scanning, and code review.
• Review output from Dynamic Application Security Testing (DAST) tools and provide feedback on results.
• Evaluate the security posture of cloud environments through manual review and automated tooling. Review output from Cloud Security Posture Management (CSPM) tools. Provide guidance to stakeholders on approaches to remediating identified issues.
• Conduct hands-on security testing of web, mobile applications and cloud-based services. Be capable of identifying traditional application-level issues such as injection, authentication, and misconfiguration vulnerabilities, but also identify vulnerabilities that lead to bypass of security controls.
• Participate in proof of concepts and other technical evaluations of technologies, designs, and solutions and provide security requirements and recommendations.
• Serve as a point of escalation/mentor for junior engineers, and provide guidance on the use of DAST, SAST, CSPM tools, and application/cloud security standard methodologies. Participate in the evaluation of security tools used across the organization.

Basic Qualifications

• Minimum of 7+ years of experience in cybersecurity and cloud infrastructure engineering/architecture.
• In-depth knowledge of public clouds such as AWS, Azure, and GCP. Experience with securing AWS workloads is required.
• Proven ability to analyze and assess complicated application architectures and workflows to identify risk.
• Significant penetration testing experience and offensive capabilities in key focus areas including web applications, mobile applications, networks, cloud, and infrastructure.
• Basic knowledge of content security controls such as DRM, and visible and forensic watermarking is required.
• Detailed understanding of network technologies including routers, switches, load balancers, firewalls, proxies, etc.
• Familiarity with CI/CD principals, tools, and services. Hands-on experience implementing SAST, DAST, and SCA tooling is a plus.
• Experience securing a microservice environment, along with demonstrable knowledge of container technologies such as Kubernetes and Docker and securing such environments.

Preferred Qualifications

• One or more current security-related certifications (e.g., CISSP, SANS GIAC, etc.)
• One or more cloud security certifications (AWS, Azure, GCP, CCSP).
• Consistent track record of driving application security assessments for an organization.

Education

• Bachelor’s degree in Computer Science, Computer Engineering, or related technical field, and/or equivalent work experience, or significant experience and progress towards professional credentials.

This is an estimated 30-month project hire placement with no guarantee of permanent placement.

#DISNEYTECH

The hiring range for this position in California is $136,038 - $182,490 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.