Skip to main content
Search Jobs
What would you like to do?

Where would you like to work?

Senior Engineer, Application Security

Burbank, CA - US

Apply NowApply Later


Job ID 763191BR Location Burbank, California, United States Business The Walt Disney Studios Date posted Jul. 14, 2020

Job Summary:

The Senior Engineer, Application Security reports into the Senior Manager of Application and Cloud Security at The Walt Disney Studios based in Burbank. This role is part of the team that is responsible for validating that our content creation and delivery platforms, services, applications, workflows, and websites are designed and implemented to the highest security standards. You will be responsible for analyzing the security of both internally developed and 3rd party applications and services, discovering and addressing security issues, helping to build security automation, and quickly reacting to new threat scenarios. This is a deeply technical role, requiring a solid understanding and experience implementing a variety of network security, identity, cyber security, privileged access, and related technologies, using solid design principles.

Responsibilities:

  • Perform application security assessments on studio production content related services, applications, platforms and workflows
  • Maintain current knowledge of security threats and vulnerabilities that could impact products and their technology stack components and help product teams identify solutions that meet security requirements.
  • Provide subject matter expertise on secure design & coding practices, assist in building and rolling out related guidelines and standards, perform manual source code reviews for high risk components
  • Build secure code library (security code snippets, common libraries, cryptographic libraries)
  • Evaluate and operationalize security tools by integrating with the development environment and commit/build pipelines
  • Review security test results from vulnerability scans, penetration testing for true positives and propose appropriate remediation measures or mitigation controls
  • Serves as security technical lead resource and subject matter expert (SME) across all Studio content platforms and services for operational, enhancement, and related activities.
  • Must be able to contribute or build policies and procedures around Application Security.
  • Interfaces with IT mission partners, including Networking, Architecture, and Project Delivery, to deliver content security business value
  • Establishes and maintains good working relationships with all team members, partners, and customers.
  • Advocates for new/enhanced Security services on behalf of customers
  • Understands what vulnerabilities are and how to assist teams in remediation of them.
  • Contributes requirements to technology selection process
  • Serves as application security technical resource on various initiatives and drives the technical security requirements.
  • Support studio partners, in the testing and deployment phases of all security solutions initiatives, to ensure smooth operational knowledge development and transition.
  • Collaborate with studio partners to ensure all new Security technology deployments include appropriate support documentation and that Security Operations team members are fully trained to take responsibility for monitoring, ongoing support, routine engineering, and operation of the new security technology.
  • Supports Security Delivery in the testing and deployment phases of IT projects that require delivery of non-routine security solutions to ensure smooth operational knowledge development and transition.
  • Perform cross-functional troubleshooting of complex issues, as required
  • Adhere to all policies, rules, regulations, and procedures.
  • Perform other duties or functions as requested by management.

Basic Qualifications:

  • 3-5 Years of Experience in Web Application Security, SSDLC and Threat Modelling with MS/BS degree in Information System management / Computer Science / Information Security or a related technical discipline, at least 2 years of Software Development experience
  • Significant penetration testing experience and offensive capabilities in numerous core competency areas including web applications, mobile applications, networks, cloud infrastructure
  • Hands on experience with Software Development Java / C# / C++, JavaScript and HTML
  • Hands on experience with scripting and automation in Powershell, Python, Bash, Perl
  • MUST have deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies
  • Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment
  • Well versed in web application design, penetration testing, application risk assessment and risk categorization
  • Well versed (experience preferred) with driving and implementing secure development practices into SDLC (SSDLC); ability to successfully integrate security into a developer's world
  • Success in implementing effective Secure SDLC frameworks across a large corporation.
  • Experience in managing application security testing tools like SAST, DAST, IAST and Open Source Vulnerability Scanning
  • Ability to effectively present and communicate security threats and risks to ANY audience and impress upon them the mitigation techniques and strategies
  • Candidates should be familiar with waterfall and agile development processes and have experience integrating secure development practices into both models.
  • Deep knowledge and experience in using SAST, DAST, IAST, and fuzz testing tools
  • Experience with CheckMarx, Snyk, Fortify, BurpSuite, ZAP, SQLMap, SonarQube, Grabber, Arachni, Iron Wasp, Wapiti, MobSF.
  • Strong knowledge of Authentication, Authorization, Availability, Confidentiality, Integrity, Non-repudiation.
  • Highly effective communicator; well-honed influencing and negotiating skills
  • Solid problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution.
  • Self-motivated; able to work independently; able to negotiate and bring consensus to diverse priorities of product development and solution teams
  • Must have excellent presentation and written/verbal communication skills
  • Experience in technical project management/leading large-scale technology initiatives
  • Strong analytical, organizational and decision-making skills
  • Willingness to travel occasionally domestically
  • Excellent leadership and teamwork skills
  • Strong negotiator, self-motivated, and outgoing
  • Proven track record of driving application security assessments for an organization

Required Education

  • Bachelor's degree in Computer Science, Information Systems, Cybersecurity, IT Engineering, or a related field
  • OCSP, CEH, Pentest+, GWAPT, GPEN, GMOB, GEVA, AWS SAA, AZ-104, GCP-ACE

About The Walt Disney Studios:

For over 90 years, The Walt Disney Studios has been the foundation on which The Walt Disney Company was built. Today the Studio brings quality movies, music and stage plays to consumers throughout the world. Feature films are released under the following banners: Disney, including Walt Disney Animation Studios and Pixar Animation Studios, Disneynature, Marvel Studios and Lucasfilm. The Disney Music Group encompasses the Walt Disney Records and Hollywood Records labels, as well as Disney Music Publishing. The Disney Theatrical Group produces and licenses live events, including Disney on Broadway, Disney On Ice and Disney Live!. Ours is a culture of innovation, inspiration and collaboration that brings together visionary artists, gifted technologists and savvy business minds to conjure up magical entertainment experiences for a global audience.

About The Walt Disney Company:

The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise with the following business segments: media networks, parks and resorts, studio entertainment, consumer products and interactive media. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney’s stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished.

This position is with Walt Disney Pictures, which is part of a business segment we call The Walt Disney Studios.

Walt Disney Pictures is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Disney fosters a business culture where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a rapidly changing world.

Apply Later