Sr. Security Specialist , Security Architecture & Engineering
Burbank, CA

Job Description

Job Description

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance and protect these exciting experiences.

The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney's information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.

In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:

* Analysis of known and emerging threats to determine risks against TWDC assets
* Creation, maintenance, governance and communication of security policies and standards across TWDC
* Assessment and audit of compliance against the security policies and standards
* Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria

We look add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security and love their work.

The IT Security Architecture & Engineering team develops and guides technology risk management in collaboration with teams across the company to enable responsive, secure and cost effective solutions.

We are a highly versatile and technical team, gleaning from network engineering, application security, architecture, risk assessment and control alignment. We are a team of security pros that are here to:

* Evaluate solutions and architectures to assess qualitative and quantitative risk
* Identify solutions to reduce risk and enhance our prevention and detection capabilities
* Conduct Threat Modeling

Job Type

Full Time

Segment

The Walt Disney Company (Corporate)

Category

Security

Basic Qualifications

* 5 years of experience with 3 or more areas including: public cloud, secure application development, virtual network big data, elastic compute, cloud security
* 1-3 years of practical cloud information security experience
* 5-8 years in IT and/or in this specific role
* Experience in information management and information technology security design and implementation
* Demonstrated experience with security event logs from Windows, Unix, intrusion detection systems, network, and remote access solutions
* Experience managing IDS / IPS / firewall systems in distributed/hybrid cloud environment
* Demonstrated experience in creating conceptual, logical and physical security diagrams, Thorough understanding of vulnerabilities and countermeasures.
* Information Security technology/compliance experience.
* Detailed understanding of TCP/IP and related communication protocols, Windows authentication mechanisms (Kerberos, NTLM, AD), networking technologies, software defined computing, containerization, routing and switching, big data, elastic compute, and risk analysis and risk management methodologies
* Ability to manage multiple priorities and work effectively in a fast-paced, high volume, results driven environment
* Excellent written and verbal communication skills including reporting
* This will require practical use and understanding of advanced security protocols and standards, and solid knowledge of information security principles and practices as well as latest scalable technologies (hard and soft)
* Required: two or more senior Information Security and cloud certifications:
* CISSP, CCSP, AWS Certified Public Cloud Architect, MCSE cloud, VMWare VCP6cloud,EMCCA cloud computing Architect or GIAC)

Business

The Walt Disney Company (Corporate)

Required Education

* BA/BS in business or computer science or appropriate work experience

Postal Code

91502

Preferred Education

* Masters or other advanced degree preferred

Responsibilities

The Sr. Security Specialist, Security Architecture and Engineering is responsible for evaluating a myriad of deployment scenarios (e.g. on-prem, cloud, hybrid), services, models and technology to ensure they are secure and compliant across the Walt Disney Company (TWDC). This role is highly versatile and technical, gleaning from heavy network engineering, application security and DevSecOps.

Key responsibilities:

* Provides situation based support, using in-depth knowledge of TWDC technology, to ensure systems are designed in accordance with and are aligned with Company security requirements; includes architecture assessments, secure development training, and conducting RTOs
* Creates, reviews and presents reports, position papers, assessment recaps to team (peers) and next level of leadership within team
* Executes advanced risk and threat analysis activities, leveraging learnings from external and internal cyber trends and incidents
* Develops and documents technical solutions that meet specifications and impact future developments (position papers, process flows, requirements, data flows, mapping to controls)
* Identifies, selects, develops and documents architecture artifacts (reference architectures, standards, policies, reusable designs, best practices) across data protection topics
* Researches, learns and assesses new technologies
* Leads discussions, assessments, tracking and overall reporting of technology security risks
* Documents issues, solutions and project status
* Understands business drivers and processes to evaluate risk and recommend solutions with a balanced result
* Promotes awareness of applicable security policies and standards
* Assists with the maintenance of metrics and scorecards in support of the information security program

Job Description

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance and protect these exciting experiences.

The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney's information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.

In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:

* Analysis of known and emerging threats to determine risks against TWDC assets
* Creation, maintenance, governance and communication of security policies and standards across TWDC
* Assessment and audit of compliance against the security policies and standards
* Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria

We look add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security and love their work.

The IT Security Architecture & Engineering team develops and guides technology risk management in collaboration with teams across the company to enable responsive, secure and cost effective solutions.

We are a highly versatile and technical team, gleaning from network engineering, application security, architecture, risk assessment and control alignment. We are a team of security pros that are here to:

* Evaluate solutions and architectures to assess qualitative and quantitative risk
* Identify solutions to reduce risk and enhance our prevention and detection capabilities
* Conduct Threat Modeling

Basic Qualifications

* 5 years of experience with 3 or more areas including: public cloud, secure application development, virtual network big data, elastic compute, cloud security
* 1-3 years of practical cloud information security experience
* 5-8 years in IT and/or in this specific role
* Experience in information management and information technology security design and implementation
* Demonstrated experience with security event logs from Windows, Unix, intrusion detection systems, network, and remote access solutions
* Experience managing IDS / IPS / firewall systems in distributed/hybrid cloud environment
* Demonstrated experience in creating conceptual, logical and physical security diagrams, Thorough understanding of vulnerabilities and countermeasures.
* Information Security technology/compliance experience.
* Detailed understanding of TCP/IP and related communication protocols, Windows authentication mechanisms (Kerberos, NTLM, AD), networking technologies, software defined computing, containerization, routing and switching, big data, elastic compute, and risk analysis and risk management methodologies
* Ability to manage multiple priorities and work effectively in a fast-paced, high volume, results driven environment
* Excellent written and verbal communication skills including reporting
* This will require practical use and understanding of advanced security protocols and standards, and solid knowledge of information security principles and practices as well as latest scalable technologies (hard and soft)
* Required: two or more senior Information Security and cloud certifications:
* CISSP, CCSP, AWS Certified Public Cloud Architect, MCSE cloud, VMWare VCP6cloud,EMCCA cloud computing Architect or GIAC)

Required Education

* BA/BS in business or computer science or appropriate work experience

Preferred Education

* Masters or other advanced degree preferred

Responsibilities

The Sr. Security Specialist, Security Architecture and Engineering is responsible for evaluating a myriad of deployment scenarios (e.g. on-prem, cloud, hybrid), services, models and technology to ensure they are secure and compliant across the Walt Disney Company (TWDC). This role is highly versatile and technical, gleaning from heavy network engineering, application security and DevSecOps.

Key responsibilities:

* Provides situation based support, using in-depth knowledge of TWDC technology, to ensure systems are designed in accordance with and are aligned with Company security requirements; includes architecture assessments, secure development training, and conducting RTOs
* Creates, reviews and presents reports, position papers, assessment recaps to team (peers) and next level of leadership within team
* Executes advanced risk and threat analysis activities, leveraging learnings from external and internal cyber trends and incidents
* Develops and documents technical solutions that meet specifications and impact future developments (position papers, process flows, requirements, data flows, mapping to controls)
* Identifies, selects, develops and documents architecture artifacts (reference architectures, standards, policies, reusable designs, best practices) across data protection topics
* Researches, learns and assesses new technologies
* Leads discussions, assessments, tracking and overall reporting of technology security risks
* Documents issues, solutions and project status
* Understands business drivers and processes to evaluate risk and recommend solutions with a balanced result
* Promotes awareness of applicable security policies and standards
* Assists with the maintenance of metrics and scorecards in support of the information security program