Jr. AppSec Engineer - Burbank, United States - Insight Global

Description

Interview Process: 2 rounds of interview. 1st round screen with panel then with hiring leader

This position is hybrid, Orlando, Seattle or Burbank.

Primary responsibilities are to conduct IT security assessment and testing. This person will be responsible for taking over the review process, assist with Secuity review and risk assessment process. Vulnerability testing of interfaces between systems ((i.e. MS365 to ServiceNow. Need to train up on Disney's compliance policies. Will consider someone who works in the Cybersecurity looking for a growth opportunity to broaden their skill set

This candidate assists senior cybersecurity professionals in evaluating a myriad of deployment scenarios (e.g., on-prem, cloud, hybrid), services, models, and technology to ensure they are secure and compliant across the Walt Disney Company (TWDC).

This role builds on the candidate's technological foundation to cultivate versatile and technical cybersecurity skills and enhances the candidate's knowledge in technology engineering, cybersecurity, and software development.

The candidate should have foundational exposure and/or experience across security and risk management, asset security, security architecture and engineering, communications and network security, identity and access management, security assessment and testing, security operations, and software development security.

While familiarity and experience with various security tools prevalent in today's information technology enterprise are highly beneficial, this role requires candidates to be able to think critically and holistically about cybersecurity risk.

The candidate should not rely solely on the use or output of cybersecurity tools to assess the risk of an application or service.

A viable candidate should be able to articulate the risk associated with an application or service based on evaluation of its design and configuration, data classification and flow, security control alignment, and current and emerging threats.

RESPONSIBILITIES

• Provides situation based support, using foundational knowledge of information technology, to help ensure systems are designed in accordance with and are aligned with Company security requirements or industry best practices.
• Participates in cybersecurity risk assessments, security architecture reviews, and research into information technology applications and services.
• Creates, reviews, and presents reports and assessment recaps to the team (peers) and the next level of leadership within the team.
• Assists with risk and threat analysis activities, leveraging learnings from external and internal cyber trends and incidents.
• Reviews architecture artifacts (reference architectures, standards, policies, reusable designs, best practices)
• Researches, learns, and assesses new technologies
• Contributes to technical discussions, assessments, tracking, and reporting of technology security risks
• Documents issues, solutions, and project status
• Develops an understanding of business drivers and processes to evaluate risk and recommend potential solutions
• Promotes awareness of applicable security policies and standards
• Assists with the maintenance of metrics and scorecards in support of the information security program

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day.

We are an equal opportunity/affirmative action employer that believes everyone matters.

Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances.

If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to .

To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy:
.

Required Skills & Experience
-3 to 5years of experience in Information Technology and/or information technology/cyber security and/or cyber risk management.
-1 to 3 years of experience with 3 or more of the following areas: Security and risk management, asset security, security architecture and engineering, communications and network security, identity and access management, security assessment and testing, security operations, and software development security.

• Knowledge and understanding of cloud computing service terminology and concepts.
• Preferably 1 to 3 years of practical cloud information security experience and a familiarity with major cloud service providers (e.

g., Amazon Web Services (AWS), Microsoft Azure, Google Cloud, etc.).

• Familiarity with cybersecurity frameworks and threat modeling concepts such as STRIDE, MITRE ATT&CK, and NIST publications (particularly and
• This position is hybrid, Orlando, Seattle or Burbank.
• BS degree in computer science or related experience.

Nice to Have Skills & Experience

Preferred:
one or more Information Security or cloud certifications (e.g., CISSP, CCSP, GIAC, Security+, AWS Certified Public Cloud Architect, MCSE cloud, VMWare VCP6 cloud, EMCCA cloud computing Architect)

Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching.

Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.