Security Application Specialist
San Francisco, CA

Job Description

Job Description

Disney Streaming Services Information Security team's mission is to protect services, data, and technology assets of the organization, partners, and cast members. In concert with Disney's Global Information Security group, the DSS team works on initiatives that prevent, detect, and respond to malicious activity. Risk and threat assessment, incident response, security architecture, vulnerability management, governance and compliance, security awareness and training, security operations, among many other efforts make up the information security program.

This is a key role within the Information Security department that will be focused on application security for our streaming media service and other supporting applications. The application security engineer will be a valued partner to development and engineering teams to ensure secure architectures, patterns, and solutions are created and maintained. Creation and execution of a training and awareness program for secure development and best practice is a key component of the role. This person will work closely with Disney's application security team and will build a community of practice with developers within DSS to support effective communication and collaboration. This person will be the subject matter expert for secure code development and will work with various application engineering teams to develop alternatives for remediation of vulnerabilities.

Job Type

Full Time

Segment

Direct-to-Consumer and International

Category

Security

Basic Qualifications

* 3+ years of relevant experience
* Experience with application security
* Experience in application development with at least one modern programming language.
* Knowledge of OWASP
* Knowledge of DevOps and Agile methods
* Experience performing code reviews and with associated applications such as static code analysis tools (Checkmarx, Vericode) in several languages
* Knowledge of web application architectures
* Knowledge of threat modeling
* Knowledge of dynamic code scanners such as AppScan or Qualys.

Business

Disney Streaming Services

Required Education

* 4-year degree or work experience equivalent


* CISSP, GIAC, or similar certification



Preferred Qualifications

* Media industry experience


* Other security experience such as incident handling (from appsec perspective), architecture, operations, GRC, etc.


* Cloud technology, specifically AWS



Postal Code

94107

Responsibilities

* Create and lead secure code working group with liaisons from various application and services engineering teams.
* Utilize security tools for the appsec program such as static and dynamic code analysis tools and develop continual improvement program.
* Coordinate red teams and penetration testers to facilitate exercises and work with application engineering teams on remediation. Oversee remediation efforts
* Assist with code reviews and create secure reusable patterns.
* Review application designs and solutions. Provide assessments.
* Lead secure code training and awareness program.
* Participate in information security operations duties, including occasional incident response escalations.
* Perform risk and threat assessments.

Job Description

Disney Streaming Services Information Security team's mission is to protect services, data, and technology assets of the organization, partners, and cast members. In concert with Disney's Global Information Security group, the DSS team works on initiatives that prevent, detect, and respond to malicious activity. Risk and threat assessment, incident response, security architecture, vulnerability management, governance and compliance, security awareness and training, security operations, among many other efforts make up the information security program.

This is a key role within the Information Security department that will be focused on application security for our streaming media service and other supporting applications. The application security engineer will be a valued partner to development and engineering teams to ensure secure architectures, patterns, and solutions are created and maintained. Creation and execution of a training and awareness program for secure development and best practice is a key component of the role. This person will work closely with Disney's application security team and will build a community of practice with developers within DSS to support effective communication and collaboration. This person will be the subject matter expert for secure code development and will work with various application engineering teams to develop alternatives for remediation of vulnerabilities.

Basic Qualifications

* 3+ years of relevant experience
* Experience with application security
* Experience in application development with at least one modern programming language.
* Knowledge of OWASP
* Knowledge of DevOps and Agile methods
* Experience performing code reviews and with associated applications such as static code analysis tools (Checkmarx, Vericode) in several languages
* Knowledge of web application architectures
* Knowledge of threat modeling
* Knowledge of dynamic code scanners such as AppScan or Qualys.

Required Education

* 4-year degree or work experience equivalent


* CISSP, GIAC, or similar certification



Preferred Qualifications

* Media industry experience


* Other security experience such as incident handling (from appsec perspective), architecture, operations, GRC, etc.


* Cloud technology, specifically AWS



Responsibilities

* Create and lead secure code working group with liaisons from various application and services engineering teams.
* Utilize security tools for the appsec program such as static and dynamic code analysis tools and develop continual improvement program.
* Coordinate red teams and penetration testers to facilitate exercises and work with application engineering teams on remediation. Oversee remediation efforts
* Assist with code reviews and create secure reusable patterns.
* Review application designs and solutions. Provide assessments.
* Lead secure code training and awareness program.
* Participate in information security operations duties, including occasional incident response escalations.
* Perform risk and threat assessments.