Security Risk Engineer
Santa Monica, California, United StatesApply NowApply Later
Job ID 778708BR Location Santa Monica, California, United States Business The Walt Disney Company (Corporate) Date posted Apr. 01, 2021
Job Summary:At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance and protect these exciting experiences.
The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.
Disney Streaming’s Risk & Data Security team is seeking a Security Risk Engineer with experience in application security that will be an outstanding addition to our Information Security department. In this role, you will ensure the proper risk & security posture for Disney Streaming's data & applications while serving as the interface between the Engineering, Development, Business and Security Teams. The right person for this role is passionate about risk management, data security, secure development, and security engineering & architecture. If you are someone who is ready to solve complex problems, prefer a challenging work environment, then this is a great role for you!
This will be for all of Disney Streaming (Disney+, Hulu, ESPN+, STAR+) and is being hired out of the Hulu headquarters.
- Advise and consult with partners on identified risks & how to address those risks
- Engage with developers & engineers to provide risk ratings & remediation support
- Serve as the key member responsible for technical reviews & implementations in the Vendor Security Risk Review program
- Perform security risk reviews of internal & external business initiatives
- Regularly assist in security risk analysis
- Identify, qualify, and prioritize technology risk for Disney Streaming
- Serve as an application security risk domain specialist, through consultation and collaboration with the Application Security team & relevant stakeholders
- Participate in risk assessments & analysis involving current and proposed services & features
- Assist in development of risk reporting and design of risk dashboards
- Support risk activities related to data & content security
- 3+ years of security risk experience
- 2+ years of application security and/or development experience
- Knowledge of security vulnerabilities and remediation techniques
- Knowledge of CI/CD, JIRA
- Proven experience in understanding security vulnerabilities and identifying remediation techniques
- Experience with risk quantification (FAIR or similar framework)
- Understanding of security controls related to cloud-based offerings
- Knowledge of evaluating and assessing security threats across a variety of environments and industries
- Strong analytical skills and ability to multi-task
- Experience working with AWS or other cloud environments (development/architecture)
- Understanding beyond the OWASP Top 10 by explaining the level of risk to the business
- Experience with building out and utilizing GRC offerings
- Has successfully managed or participated in bug bounty programs
- Contributed to open-source projects
- Experience with audits & assessments driven by business needs, regulatory requirements, and/or industry standards
- Practiced threat modeling applications
- CISSP, Security+ or other industry certifications
- Experience working with companies that have a heavy microservice architecture
- Media industry experience
- Bachelor's degree in Computer Science or equivalent experience in a related field
About The Walt Disney Company (Corporate):
At Disney Corporate you can see how the businesses behind the Company’s powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you’ll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe.
About The Walt Disney Company:
The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise with the following business segments: media networks, parks and resorts, studio entertainment, consumer products and interactive media. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney’s stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished.
This position is with Disney Worldwide Services, Inc., which is part of a business segment we call The Walt Disney Company (Corporate).
Disney Worldwide Services, Inc. is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, or protected veteran status or any other basis prohibited by federal, state or local law. Disney fosters a business culture where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a rapidly changing world.