Sr Security Specialist (Sec Assurance)
Burbank, CA - USApply Now Apply Later
Job ID 675542BR Location Burbank, California, United States; Seattle, Washington, United States Business The Walt Disney Company (Corporate) Date posted 04/06/2019
Job Summary:At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance and protect these exciting experiences.
The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.
In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:
1. Analysis of known and emerging threats to determine risks against TWDC assets
2. Creation, maintenance, governance and communication of security policies and standards across TWDC
3. Assessment and audit of compliance against the security policies and standards
4. Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria
We look add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security and love their work.
The Global Information Security – Red Team performs real world threat emulation with the continual goals of improving organizational readiness, providing advanced simulation for defensive teams, and assessing current control performance for critical TWDC assets. The goal of the Red Team is to continually drive prioritized improvements across TWDC enhancing the cyber security posture of the organization.
- Provides situation-based support, using in-depth knowledge of TWDC technology, to ensure systems are designed in accordance with and are aligned with Company security requirements; includes architecture assessments, secure development training, and conducting RTOs
- Reviews and presents reports (e.g., penetration test results, incident response metrics, forensics, network monitoring metrics), position papers, assessment recaps to team (peers) and next level of leadership within team
- Executes advanced risk and threat analysis activities, leveraging learnings from external and internal cyber trends and incidents
- Participate in all phases of Red Team Operations
- Develop proof of concept exploits for potential use within RTOs
- Evaluate software and source code for potential vulnerabilities
- Support EAS Team with full manual penetration testing, tools development, and streamlining processes and procedures.
- Serve as a force multiplier, outside of the Red Team, to provide deep knowledge perspectives to enhance IT security controls across GIS
- 3 years of work experience
- Experience with performing Red Team Operations
- Expert level web application and network penetration testing skills
- Experience working with assessments tools/frameworks like Burp, Nessus, Metasploit, Mimikatz, and Cobalt Strike
- Experience working with Active Directory assessment tools such as Bloodhound
- Experience customizing/developing in-house scripts and tooling
- Experience working with scripting and development languages like Bash, PowerShell, Python, Perl, Ruby, PHP, C/C++,C#, and Java
- In-depth knowledge of operating systems (Unix/Linux, Windows, and Mac)
- In-depth knowledge of networking protocols and systems administration
- One or more of the following certifications:
- OSCP – Offensive Security Certified Professional
- GPEN – GIAC Penetration Tester
- GWAPT – GIAC Web Application Penetration Tester
- One or more of the following certifications:
- OSCE – Offensive Security Certified Expert
- GXPN – GIAC Exploit Researcher and Advanced Penetration Tester
- OSWE - Offensive Security Web Expert
Required EducationBS in computer science or relevant work experience
About The Walt Disney Company (Corporate):
At Disney Corporate you can see how the businesses behind the Company’s powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you’ll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe.
About The Walt Disney Company:
The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise with the following business segments: media networks, parks and resorts, studio entertainment, consumer products and interactive media. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney’s stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished.
This position is with Disney Worldwide Services, Inc., which is part of a business segment we call The Walt Disney Company (Corporate).
Disney Worldwide Services, Inc. is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Disney fosters a business culture where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a rapidly changing world.
Watch Our Jobs
Sign up to receive new job alerts and company information based on your preferences.