Skip to main content

Sr. Security Engineer, Application Security

Apply NowApply Later Job ID 983908BR Location Seattle, Washington, United States Business The Walt Disney Company (Corporate) Date posted Jun. 13, 2022 Flex Type Hybrid

- This role is considered hybrid, which means the employee will work a portion of their time on-site from a Company designated location and the remainder of their time remotely.

Job Summary:

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance and protect these exciting experiences.

The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.

The Product Security team exists to ensure that our guests are protected and have a magical experience. We protect our guests and the Disney brand by engaging with product development teams at every of the product development lifecycle. We assess and influence product design, we analyze applications for flaws that may lead to security issues, and we provide penetration testing to ensure our products are secure.

We are looking to add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security and love their work.

Responsibilities:

  • Build, own, and operate enterprise service(s) in support of the program.
  • Perform activities such as threat modeling, secure code reviews, security testing and vulnerability triage across various DMED applications.
  • Provide security guidance to application and service owners to remediate known security vulnerabilities.
  • Design, build and deploy automation to scale the discovery and management of security vulnerabilities across all DMED applications and platforms.
  • Improve upon and further integrate the Secure Development Lifecycle (SDLC) into product design and engineering efforts.
  • Analyze our security posture, identify gaps, and work closely with cross functional teams to implement controls and ensure strong operational security.
  • Develop security metrics delivery and improvements.
  • Evaluate and recommend new security testing tools.

Basic Qualifications:

  • Prior experience working within product/application security or prior development team experience with a security focus.
  • Strong experience developing applications (web, mobile, api) and scripting (Python, Perl, PowerShell, Yara)
  • Solid experience with using knowledge management and code repositories, including Github, Gitlab, Jira, and Confluence
  • Solid knowledge of general security threats, attack vectors, and vulnerabilities.
  • Ability to understand, balance and communicate business risk with security risk
  • Ability to break down and communicate technically complex security situations and impacts for a non-technical audience
  • Demonstrated ability to work in a challenging, dynamic, and fast-paced environment with limited supervision. Candidate should be able to succeed in both independent and collaborative work scenarios

Preferred Qualifications:

  • Experience working within product/application security with prior development experience.
  • Proven experience and in-depth knowledge with software development methodologies, CI/CD, and DevSecOps.
  • Knowledge of API security best practices
  • Experience with Web Application Firewall management and rules
  • Knowledge of automated attack tools and developing mitigation techniques.
  • Knowledge of public cloud services (AWS, Azure, GCP, etc.)
  • Understanding of infrastructure and application architecture with emphasis on security by design.
  • Demonstrate strong technical capability and experiences across a broad range of technical disciplines.

Required Education

  • BA/BS in Computer Science, Computer Engineering, Information Systems or Information Security preferred, or equivalent experience

Preferred Education

  • MS in Computer Science, Computer Engineering, Information Systems or Information Security preferred

Additional Information:

#DISNEYTECH
#LI-JP4

About The Walt Disney Company (Corporate):

At Disney Corporate you can see how the businesses behind the Company’s powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you’ll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe.

About The Walt Disney Company:

The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise with the following business segments: media networks, parks and resorts, studio entertainment, consumer products and interactive media. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney’s stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished.

This position is with Disney Worldwide Services, Inc., which is part of a business we call The Walt Disney Company (Corporate).

Disney Worldwide Services, Inc. is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Disney fosters a business culture where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a rapidly changing world.

Apply NowApply Later

Watch Our Jobs

Sign up to receive new job alerts and company information based on your preferences.

For Disney Job Alerts to work, JavaScript must be enabled in your browser.