Skip Navigation
Find job opportunities in other countries japen-menu Back
Choose a Language

Help tell our stories in the most innovative ways!

Sr Security Specialist, VM

Apply Now Apply Later Job ID 524638BR Location Glendale, California, United States; Seattle, Washington, United States Business The Walt Disney Company (Corporate) Date posted Jan. 18, 2019

Job Summary:

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance and protect these exciting experiences.

The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.

In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:

1. Analysis of known and emerging threats to determine risks against TWDC assets

2. Creation, maintenance, governance and communication of security policies and standards across TWDC

3. Assessment and audit of compliance against the security policies and standards

4. Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria

We look add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security and love their work.

Enterprise Vulnerability Management ensures that IP-enabled compute instances connected to TWDC’s networks and used for conducting and delivering Disney business are known, secure and managed to an acceptable risk level.

Vulnerability Management programs protect TWDC intellectual property and data by ensuring servers are compliant with:
  • IT Security Policies and Standards
  • Data Handling Standards
  • Minimum Security Baselines
  • Industry and vendor-specific vulnerabilities
The Enterprise Vulnerability Management team is accountable for full-cycle vulnerability management across all segments of The Walt Disney Company. Infrastructure and application vulnerabilities are assessed within the context of the technologies used at TWDC. Risk-based remediation activities identified and coordinated across diverse stakeholders company-wide. Server compliance is monitored via periodic scans from various IT Security tools. Areas of non-compliance identified and documented.


Information Security Specialist, Vulnerability Management, has a broad range of responsibilities within the Global Information Security vulnerability management program, with emphasis on risk assessment, remediation, and customer engagement to ensure the removal of vulnerabilities from the technology environment. This role is directly responsible for infrastructure and application vulnerability research, analysis, categorization, and communication of risks posed in the context of technologies in use within TWDC. This role will work closely with other members of the Vulnerability Management team to ensure the effective and efficient execution of vulnerability treatments by diverse customer groups across the Enterprise. Other responsibilities include and are not limited to:
  • Evaluate all new security vulnerabilities identified by vendors of technologies used within the Enterprise
  • Investigate solutions and mitigations for vulnerabilities present within the Enterprise, and propose remediation in collaboration with the subject matter experts
  • Support execution of vulnerability management programs through meeting facilitation, activity measurement, customer engagement, and program education
  • Perform barrier analysis on vulnerability remediation and work with Information Security and Operations teams to identify and implement corrective measures
  • Develop reports that reflect vulnerability management program effectiveness and efficiency and perform targeted historical analysis; review historical trending data and recommend improvement opportunities
  • Partner with engineering and automation teams to identify opportunities to automate common vulnerability management analysis and remediation functions
  • Work with Security Architecture and technology stakeholders to inform the development secure configuration standards
The ideal candidate will have a background in information security disciplines and vulnerability management with specialization in mobile and IoT (internet of things) environments; previous operational systems administration experience is strongly preferred. He or she will have broad knowledge of infrastructure, operating system, and application technologies, an ability to quickly perform in-depth analysis across diverse technologies implemented in a complex environment. He or she should be familiar with writing and publishing information security advisories and formal risk assessments.

Basic Qualifications:

  • Minimum 5 years of practical technology experience with some experience in information security discipline
  • Must have knowledge of and experience applying information security components, principles, practices, and procedures
  • Some experience working with DevOps methodologies and automation
  • Some experience with data analysis and querying large data sets with SQL languages (SQL, T-SQL)
  • Demonstrates some proficiency in one or more programming language, i.e., C, C#, Python
  • Proven knowledge of core Internet and networking protocols (DNS, DHCP, TCP/IP, ARP, HTTP, HTTP/S, SSH) and IP communication is required.
  • Proven knowledge of infrastructure technologies is required: Windows and Linux operating systems and associated technologies.
  • Strong verbal and written communication skills; able to articulate complex issues to a variety of audiences
  • Ability to investigate and analyze complex scenarios and solve problems in innovative ways
  • Ability to work effectively in a cross-functional and highly collaborative environment
  • Able to produce and review process and procedural documentation, including knowledge base articles, workflows, and overview presentations
  • One or more Information Security certifications (e.g. CISSP or GIAC)

Preferred Qualifications:

  • Kepner-Tregoe Practitioner or equivalent
  • ITIL Foundations certification

Required Education

  • High School Diploma or equivalent
  • Some college courses or associate’s degree with focus in engineering, sciences, or IT

Preferred Education

  • BA/BS in information technology, computer science, computer engineering or equivalent.

About The Walt Disney Company (Corporate):

At Disney Corporate you can see how the businesses behind the Company’s powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you’ll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe.

About The Walt Disney Company:

The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise with the following business segments: media networks, parks and resorts, studio entertainment, consumer products and interactive media. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney’s stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished.

This position is with Disney Worldwide Services, Inc., which is part of a business segment we call The Walt Disney Company (Corporate).

Disney Worldwide Services, Inc. is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Disney fosters a business culture where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a rapidly changing world.

Apply Now Apply Later