Associate Security Engineer

The Associate Security Engineer assists senior cybersecurity professionals in designing, developing, and implementing secure solutions supporting Disney’s enterprise security objectives. Working closely with architects, engineers, developers, and business stakeholders, this role ensures that systems and architectures are securely designed, policy-compliant, and resilient against emerging threats.  This role helps develop versatile cybersecurity skills while expanding the candidate’s foundational knowledge in technology engineering, cybersecurity, and software development. 

This position provides highly-motivated candidates hands-on experience across a range of security domains—including identity and access management (IAM), cloud and infrastructure security, secure software development, and network and communications security. The ideal candidate demonstrates technical and professional curiosity and the desire to develop experience in applying architecture principles and control frameworks in a practical, business-aligned manner. 

The Associate Security Engineer collaborates on secure design reviews, control implementation, and threat modeling activities, and contributes to the creation and maintenance of architecture artifacts such as reference models, standards, and reusable patterns. Some familiarity with enterprise architecture frameworks such as TOGAF is highly beneficial, as the role often interfaces with solution architects and platform teams to align security considerations with enterprise architecture direction. 

Responsibilities and Duties of the Role: 

• Support secure solution design by collaborating with architects, engineers, and developers to ensure alignment with Disney's security standards and business objectives 

• Assist in security architecture activities, including risk and threat assessments, threat modeling, and secure design reviews 

• Contribute to the creation and maintenance of security artifacts such as reference architectures, control frameworks, and design patterns 

• Participate in cybersecurity assessments and architecture reviews, helping identify risks and recommend appropriate mitigations 

• Research and evaluate emerging technologies to support improvements in security resilience, automation, and detection 

• Document technical findings, project status, and security recommendations in clear, actionable formats 

• Support compliance initiatives through control mapping and alignment with standards such as NIST, CIS, and ISO 27001 

• Promote secure-by-design practices and contribute to the development of reusable security blueprints and best practices 

• Collaborate with cross-functional teams to evaluate security posture, track risks, and communicate security considerations in business-aligned terms 

Required Education, Experience/Skills/Training: 

Basic Qualifications: 

• Foundational knowledge of cybersecurity principles, technologies, and best practices 

• Understanding of IT systems, networks, and cloud environments (e.g., AWS, Azure, GCP) 

• Exposure to identity and access management (IAM), cloud/infrastructure security, or secure software development 

• Familiarity with security frameworks such as NIST, CIS, or ISO 27001 

• Ability to communicate technical concepts clearly and effectively, both verbally and in writing 

• Demonstrated curiosity, problem-solving skills, and willingness to learn new technologies 

• Ability to work collaboratively with cross-functional teams including engineers, architects, and business stakeholders 

Preferred Qualifications: 

• Internship or prior experience supporting security architecture, risk assessments, or secure system design 

• Familiarity with enterprise architecture frameworks such as TOGAF 

• Experience conducting or supporting threat modeling, vulnerability assessments, or security reviews 

• Understanding of control mapping and compliance alignment (e.g., SOC 2, PCI-DSS) 

• Knowledge of secure coding practices and software development lifecycle (SDLC) 

• Experience with common security tools and technologies (e.g., SIEM, endpoint protection, encryption, network segmentation) 

• Exposure to drafting security documentation such as reference architectures, control standards, or risk reports 

• Strong analytical skills with the ability to evaluate complex systems and propose pragmatic security solutions 

Required Education: 

• Bachelor's degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience