Job Directory Sr Security Specialist (Sec Assurance)

Sr Security Specialist (Sec Assurance)
Burbank, CA

Companies like
are looking for tech talent like you.

On Hired, employers apply to you with up-front salaries.
Sign up to start matching for free.

About

Job Description

Job Description

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance and protect these exciting experiences.

The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney's information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.

In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:

1. Analysis of known and emerging threats to determine risks against TWDC assets

2. Creation, maintenance, governance and communication of security policies and standards across TWDC

3. Assessment and audit of compliance against the security policies and standards

4. Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria

We look add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security and love their work.

The Global Information Security - Red Team performs real world threat emulation with the continual goals of improving organizational readiness, providing advanced simulation for defensive teams, and assessing current control performance for critical TWDC assets. The goal of the Red Team is to continually drive prioritized improvements across TWDC enhancing the cyber security posture of the organization. Typical Red Team activities include, but are not limited to:

* Participate in all phases of Red Team Operations
* Support EAS Team with full manual penetration testing, tools development, and streamlining processes and procedures.
* Serve as a force multiplier, outside of the Red Team, to provide deep knowledge perspectives to enhance IT security controls across GIS

Job Type

Full Time

Segment

The Walt Disney Company (Corporate)

Category

Technology

Basic Qualifications

* 3 years work experience
* Experience with performing Red Team Operations
* Expert level web application and network penetration testing skills
* Experience working with assessments tools/frameworks like Burp, Nessus, Metasploit, Mimikatz, and Cobalt Strike
* Experience customizing/developing in-house scripts and tooling
* Experience working with scripting and development languages like Bash, Powershell, Python, Perl, Ruby, PHP, C/C++,C#, and Java
* In-depth knowledge of operating systems (Unix/Linux, Windows, and Mac)
* In-depth knowledge of networking protocols and systems administrationOne or more of the following certifications:
* OSCP - Offensive Security Certified Professional
* OSWE - Offensive Security Web Expert
* GPEN - GIAC Penetration Tester
* GIAC - GIAC Web Application Penetration Tester



Business

The Walt Disney Company (Corporate)

Required Education

BS in computer science or relevant work experience

Preferred Qualifications

* One or more of the following certifications:
* OSCE - Offensive Security Certified Expert
* GXPN - GIAC Exploit Researcher and Advanced Penetration Tester



Postal Code

91502

Responsibilities

* Provides situation-based support, using in-depth knowledge of TWDC technology, to ensure systems are designed in accordance with and are aligned with Company security requirements; includes architecture assessments, secure development training, and conducting RTOs
* Develops technical monitoring, assessment and response solutions that meet current specifications
* Reviews and presents reports (e.g., penetration test results, incident response metrics, forensics, network monitoring metrics), position papers, assessment recaps to team (peers) and next level of leadership within team
* Executes advanced risk and threat analysis activities, leveraging learnings from external and internal cyber trends and incidents
* Participate in all phases of Red Team Operations
* Support EAS Team with full manual penetration testing, tools development, and streamlining processes and procedures.
* Serve as a force multiplier, outside of the Red Team, to provide deep knowledge perspectives to enhance IT security controls across GIS

Job Description

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance and protect these exciting experiences.

The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney's information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.

In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:

1. Analysis of known and emerging threats to determine risks against TWDC assets

2. Creation, maintenance, governance and communication of security policies and standards across TWDC

3. Assessment and audit of compliance against the security policies and standards

4. Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria

We look add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security and love their work.

The Global Information Security - Red Team performs real world threat emulation with the continual goals of improving organizational readiness, providing advanced simulation for defensive teams, and assessing current control performance for critical TWDC assets. The goal of the Red Team is to continually drive prioritized improvements across TWDC enhancing the cyber security posture of the organization. Typical Red Team activities include, but are not limited to:

* Participate in all phases of Red Team Operations
* Support EAS Team with full manual penetration testing, tools development, and streamlining processes and procedures.
* Serve as a force multiplier, outside of the Red Team, to provide deep knowledge perspectives to enhance IT security controls across GIS

Basic Qualifications

* 3 years work experience
* Experience with performing Red Team Operations
* Expert level web application and network penetration testing skills
* Experience working with assessments tools/frameworks like Burp, Nessus, Metasploit, Mimikatz, and Cobalt Strike
* Experience customizing/developing in-house scripts and tooling
* Experience working with scripting and development languages like Bash, Powershell, Python, Perl, Ruby, PHP, C/C++,C#, and Java
* In-depth knowledge of operating systems (Unix/Linux, Windows, and Mac)
* In-depth knowledge of networking protocols and systems administrationOne or more of the following certifications:
* OSCP - Offensive Security Certified Professional
* OSWE - Offensive Security Web Expert
* GPEN - GIAC Penetration Tester
* GIAC - GIAC Web Application Penetration Tester



Required Education

BS in computer science or relevant work experience

Preferred Qualifications

* One or more of the following certifications:
* OSCE - Offensive Security Certified Expert
* GXPN - GIAC Exploit Researcher and Advanced Penetration Tester



Responsibilities

* Provides situation-based support, using in-depth knowledge of TWDC technology, to ensure systems are designed in accordance with and are aligned with Company security requirements; includes architecture assessments, secure development training, and conducting RTOs
* Develops technical monitoring, assessment and response solutions that meet current specifications
* Reviews and presents reports (e.g., penetration test results, incident response metrics, forensics, network monitoring metrics), position papers, assessment recaps to team (peers) and next level of leadership within team
* Executes advanced risk and threat analysis activities, leveraging learnings from external and internal cyber trends and incidents
* Participate in all phases of Red Team Operations
* Support EAS Team with full manual penetration testing, tools development, and streamlining processes and procedures.
* Serve as a force multiplier, outside of the Red Team, to provide deep knowledge perspectives to enhance IT security controls across GIS

Let your dream job find you.

Sign up to start matching with top companies. It’s fast and free.