Sr. Security Specialist – Incident Response
Celebration, Florida, United States
Job ID: 772315BR
Location: Celebration, Florida, United States
Business: The Walt Disney Company (Corporate)
Date posted: Jan. 26, 2021
Job Summary:
At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.
The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.
In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:
- Analysis of known and emerging threats to determine risks against TWDC assets
- Creation, maintenance, governance and communication of security policies and standards across TWDC
- Assessment and audit of compliance against the security policies and standards
- Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria.
We look to add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, are passionate about information security and love their work.
Responsibilities:
Implement and Deliver the Incident Response Service
- Conduct and lead incident response activities (triage, communications, containment, eradication, root cause determination, etc.) consistent with defined Incident Response processes and procedures for Information Security incidents as defined in the TWDC Incident Response Plan.
- Perform in-depth analysis (e.g. log review) for security incidents involving various data and media types through the application of advanced methods, tools, and research techniques.
- Comprehensively document and track Incident Response actions in defined platforms/tools.
- Create, develop, and update Knowledge Base articles, runbooks/playbooks, processes, procedures, and other documentation.
- Function as an escalation point for Notable items detected by SIEM, SOC, and other detection tools requiring analysis.
- Monitor internal and external threats; examine logs, events, and alerts generated by multiple platforms for anomalous, unwanted activity, or other suspicious conditions that may result in an Information Security incident.
- Prepare and/or deliver briefings, reports, and/or presentations to leadership, team members, and security partners of ongoing activities, items, concerns, etc. as they relate to Information Security incidents and/or potential systemic Information Security concerns.
- Develop, foster, and maintain strong working relationships with the extended Incident Response team and key partners, including Segment/BU Incident Response resources, other Information Security teams, and technology teams.
Perform other Functions
- Compile and analyze both internal and external data in order to author threat assessments reports, security readiness position papers, etc.
- Establish and leverage both internal and external relationships to obtain cyber threat information with context for how it impacts TWDC.
- Maintain currency with external trends, reports, research, and other to maintain an effective security posture.
- Provide input, trends or analytical support to the Enhanced Detection team to discover anomalous traffic, behaviors or patterns related to new threat activity, policy violations, etc.
- Support the eDiscovery team in the process of searching, locating, processing, reviewing, and securing data with the intent to use it as evidence for legal cases.
- Collaborate with the Security Awareness team to help identify and support the development of new security training material based on lessons learned or new emerging issues.
- Provide analytical support and/or other input to facilitate Sensitive Information Protection, Insider Risk, Employee Relations, Legal, or Human Relations efforts to protect sensitive content and confidential information.
- As needed or required, conduct or facilitate the collection of forensic images/evidence files.
- Conduct system forensic examination to determine root cause of an issue.
- Develop or review formal forensic examination reports for publishing or distribution.
Basic Qualifications:
Work Experience
- Minimum 10 years of practical technology experience with 7 years in an information security discipline.
- Must have knowledge of information security components, principles, practices, and procedures
- Must have knowledge of web application, infrastructure, and Internet security along with a general understanding of common operating systems, networking protocols, database, and application development.
- Must have experience in digital analysis, such as computer and network forensics.
- Prior experience as a SOC Analyst, Incident Responder, or Forensic Analyst
- Ability to manage multiple priorities and work effectively in a fast-paced, high-volume, results-driven environment. Ability to rapidly assess a situation and identify, isolate and communicate problems and issues.
- Excellent communication skills (both oral/written) including ability to clearly communicate risks and risk management issues to technologists and non-technologists.
- Ability to investigate complex scenarios and solve problems.
- Strong technical writing skills
- Willingness to participate in an on-call rotation, including the possibility of working nights, weekends, and/or holidays as required by incident response activities.
- Ability to function both independently and as part of a team.
- Python or other scripting languages
- Experience with building Splunk queries and dashboards
- Experience with data manipulation and query in a Linux environment (e.g., sed, awk, grep, etc.)
- Experience with cloud-based systems (AWS, Azure, GCP) from both an operational and response perspective
- SANS GIAC (GCIA, GCIH, GCED, GCFA, GSEC)
- BA/BS in information technology, computer science, computer engineering or equivalent.
About The Walt Disney Company (Corporate):
At Disney Corporate you can see how the businesses behind the Company’s powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you’ll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe.
About The Walt Disney Company:
The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise with the following business segments: media networks, parks and resorts, studio entertainment, consumer products and interactive media. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney’s stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished.
This position is with Disney Worldwide Services, Inc., which is part of a business segment we call The Walt Disney Company (Corporate).
Disney Worldwide Services, Inc. is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, or protected veteran status or any other basis prohibited by federal, state or local law. Disney fosters a business culture where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a rapidly changing world.