Sr. Security Specialist, Enterprise Vulnerability Management
At Disney, we‘re storytellers. We make the impossible, possible. We do this through utilizing and developing cutting-edge technology and pushing the envelope to bring stories to life through our movies, products, interactive games, parks and resorts, and media networks. Now is your chance to join our talented team that delivers unparalleled creative content to audiences around the world.
The Global Information Security (GIS) group provides services to protect the value and use of Disney’s information through collaboration, standardization, enforcement, and education across The Walt Disney Company.
The main focus areas of this group are:
- Reduce the risk of both accidental and malicious data disclosure
- Identify, monitor, engage with complete inventory of information
- Establish appropriate policies and procedures to be followed
- Educate user community to minimize risk
The Walt Disney Company is currently seeking an experienced security engineer with a focus on cloud environments to join our Corporate IT Security organization. As the Senior Security Specialist, you will be part of a team of security engineers with extensive technical experience in enterprise data networks, systems design and administration, security and monitoring, capacity planning, and troubleshooting. The team’s primary goal is to support the tools used by our Security Operations Center (SOC) and incident response teams, including IDS/IPS, SIEM, packet capture, vulnerability management, and others. ResponsibilitiesEnterprise Vulnerability Management ensures that IP-enabled devices connected to TWDC’s networks and used for conducting and delivering Disney business are known, secure and managed to an acceptable risk level. Vulnerability Management programs protect TWDC intellectual property and data by ensuring servers are compliant with:
- IT Security Policies and Standards
- Data Handling Standards
- Secure Configuration Standards
- Industry and vendor-specific vulnerabilities
The Enterprise Vulnerability Management team is responsible for the full cycle of vulnerability management across all segments of The Walt Disney Company. Infrastructure and application vulnerabilities are assessed within the context of the technologies used at TWDC. Risk-based remediation activities identified and coordinated across diverse stakeholders company-wide. Server compliance is monitored via periodic scans from various IT Security tools. Areas of non-compliance identified and documented.
- Program Support: Enable execution of vulnerability management program through meeting facilitation, activity measurement, partner engagement, and program education
- Vulnerability Validation: Validate remediation for prioritized vulnerabilities, verify false positives, remediation barrier analysis and facilitate problem-solving
- Continuous Improvement: Identify and execute on improvement and expansion opportunities for enterprise vulnerability management services
- Reporting: Vulnerability management program effectiveness and efficiency and perform targeted historical analysis
- Minimum 5 years of practical technology experience with some experience in information security discipline.
- Must have knowledge of and experience applying information security components, principles, practices, and procedures
- Some experience with SQL languages (SQL, T-SQL) with advanced analytic SQL functions skills on the Microsoft SQL Server database platform
- Proven knowledge of core Internet and networking protocols (DNS, DHCP, TCP/IP, ARP, HTTP, HTTP/S, SSH) and IP communication is required.
- Proven knowledge of data center infrastructure technologies is required: Windows and Linux operating systems, clustering technology, data storage solutions, middleware technology, and monitoring technologies.
- Knowledge of public cloud hosting service providers and cloud security
- Excellent communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams
- Ability to investigate and analyze complex scenarios and solve problems in innovative ways
- Experience in project management principles
- Passionate about using data to solve pressing and/or difficult questions
- Ability to work effectively in a cross-functional and highly collaborative environment; shares responsibility well and is flexible in work assignments.
- Ability to manage multiple priorities and work effectively in a fast-paced, high volume, results driven environment. Ability to rapidly assess a situation and identify, isolate and communicate problems and issues
- Able to engage individuals and teams to evangelize processes, provide guidance constructively and in the context of the business need.
- Able to produce and review process and procedural documentation, including knowledge base articles, workflows, and overview presentations, all with great attention to detail.
- Superior judgment, problem resolution, team building, negotiation, and decision-making skills as well as the ability to work under continual deadline pressure.
- Applies skills as a seasoned experienced professional with a full understanding of industry practices and company policies and procedures. Resolves a wide range of issues in imaginative and as well as practical ways.
- Able to remain productive despite ambiguity; uses professional concepts and company objectives to resolve complex issues creatively and effectively.
- Able to scope tasks, technical requirements and estimate timelines independently for medium-to-large size projects.
- One or more Information Security certifications (e.g. CISSP or GIAC)
- Demonstrates some proficiency in one or more programming language, i.e., ASP.NET, C#, PHP, Python
- Some experience working with Dev/Ops methodologies
- High School Diploma or equivalent
- Some college courses or associate’s degree with focus in engineering, sciences, or IT
- BA/BS in information technology, computer science, computer engineering or equivalent.
Company Overview At Corporate, you’ll team with the best in the business to build one of the most innovative global businesses in any industry. Uniquely positioned at the center of an exciting, multi-faceted Company, the forward-thinkers at Disney Corporate constantly pursue new ideas and technologies to help the Company’s many businesses drive value, all the while gaining something valuable from the experience themselves. Come see the most interesting Company from the most interesting point of view. Additional Information
- This position is a legal entity of The Walt Disney Company, an equal opportunity employer.