Security Engineer, Security Assurance - Orlando, United States - The Walt Disney Company
Description
We are hiring a Security Engineer, Security Assurance with testing experience tojoin our Team
About Us:
At Disney, we're storytellers. We make the impossible possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world.
This passion remains our touchstone in an enterprise that stretches from theme parks, resorts, and a cruise line to sports, news, movies, and a variety of other businesses.
Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we're constantly looking for new ways to enhance and protect these exciting experiences.
TheGlobal Information Security (GIS) group
provides services and solutions to protect the value and use of Disney's information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise.
To ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services to address emerging threats and changes in business and technology.
This process includes:
An analysis of known and emerging threats to determine risks against TWDC assets.
Creation, maintenance, governance, and communication of security policies and standards across TWDC.
Assessment and audit of compliance against the security policies and standards.
Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria.
The Global Information Security –
Security Research and Testing Team (SRT)
performs adversarial cyber security testing to improve organizational readiness and assess current control performance for critical Disney Experiences (DX) assets.
SRT focuses on meticulously identifying and exploiting vulnerabilities within the DX network and systems before potential adversaries can leverage them.
This will involve emulating advanced cyber threats in a controlled manner, drawing on your deep understanding of diverse technologies, systems, and the mindset of potential threat actors.
This role goes beyond testing, and you will be tasked with creating comprehensive reports and delivering in-depth analysis of findings.
What You Will Do:
Perform manual and adversarial level testing on DX technology assets
Perform deep analysis of systems to understand limitations and weaknesses to identify cyber security challenges that need to be addressed
Drive security risk decisions and influence technical architecture
Solve information security problems before they surface by using cutting-edge strategies and testing techniques to identify and address emerging cyber-threats
Participate in the cyber security development of DX products and solutions to ensure security requirements are built-in from the beginning
Continual self-education of emerging technologies to assist in developing secure configurations (i.e., Cloud Web Services, IoT devices, mobile applications, control systems, etc.)
Monitor industry trends and identify best practices and/or methodologies to implement in-house
Must Have:
2+ years of cybersecurity experience working as an Adversarial/Red Team Tester, Reverse Malware Analyst, or Penetration Tester.
2+ years Threat/Vulnerability identification, analysis, and remediation experience.
2+ years' experience with NIDS/HIDS, network taps, endpoint detection and response solutions.
Knowledge of security testing services/solutions.
Ability to identify risks and develop appropriate mitigation plans to reduce or eliminate.
Conceptual understanding of adversarial techniques, signals/IOC's generated and containment/mitigation paths.
Ability to establish credibility and working relationships with a wide range of personnel, including operations, management and legal staff.
Knowledge of tools and techniques for analyzing large sets of data.
Demonstrated experience using various log sources, as well as internal and external threat intelligence, to identify emerging threats.
Deep understanding of common security practices and frameworks.
Demonstrated strong organizational and time management skills.
Nice To Have:
Knowledge of reverse malware processes and tools.
Knowledge of cloud providers and cloud security best practices.
GIAC Penetration Tester Certification / GPEN certification.
OffSec OSCP, or other like OffSec certification.
Knowledge of IoT devices and security concepts.
1+ years of coding (Python, Bash, JS...).
Generate customized scripts in common languages such as Python, Pearl, and/or bash.
Understanding of SIEM solutions/Splunk.
Security accreditation (i.e., CISSP, GSEC, CISM).
Experience with both commercial and open-source tools such as Kali, nmap, Nessus, openvas, sqlmap, Burp Suite, meterpreter, kismet, fiddler, Wireshark, and Aircrack-ng
Knowledge of security-related legislation/regulations emphasizing PCI and other privacy regulations.
Required Education:
Bachelor's degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or related work experience testing information systems.
Job ID:
Location:
Orlando,Florida
Job Posting Company:
The Walt Disney Company (Corporate)
The Walt Disney Company and its Affiliated Companies are Equal Employment Opportunity employers and welcome all job seekers including individuals with disabilities and veterans with disabilities.
If you have a disability and believe you need a reasonable accommodation in order to search for a job opening or apply for a position, email with your request.
This email address is not for general employment inquiries or correspondence.We will only respond to those requests that are related to the accessibility of the online application system due to a disability.
#J-18808-Ljbffr