Job Summary:

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program.

Our key objectives are to:

Secure the Magic by protecting information systems and platforms.Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests.Strengthen the business through optimizing execution, application, and technology used to protect the Company.Innovate by investing in core capabilities to enhance operational efficiency.

Responsibilities:

Design and architect security solutions for the business.Build and setup security solutions to specifications.Process and prioritize security assessment reportsEvaluate designs and request and how well they conform to security controlsDesign and maintain security controls for applications and infrastructureImplement WAF configurations, network segregation, and device securityUnderstand and audit device security configurations and standards.Enhance security monitoring and detection systemsConduct security training and awareness programsIdentifying current and emerging technology issues including security trends, vulnerabilities and threatsConduct security investigationsSourcing and implementing new security solutions to better protect the organizationConducting proactive research to analyze security weaknesses and recommend appropriate strategiesDrive optimization of security tool deployments and introduce scalable processes across Cyber Security capabilities.Drive collaboration with other Information Security team members across the broad spectrum of information security programsDesigns, develops, and implements platforms needed to host Applications.Proficiency in scripting languages like Python, Bash, and Powershell.Experience with Opensearch, PostgreSQL, and other data storage platforms.

Basic Qualifications:

Minimum 3+ years of hands-on experience in security engineering or SRE with security focus, proficiency in at least two of the following domains: Implementing and automating security controls, Contributing to issue response and remediation, building or maintaining observability or security solutions.Minimum 1+  years of practical experience working with cloud platforms and services in public cloud environments (e.g., AWS, Azure, Google Cloud Platform), including implementation of native cloud security controls, managing IAM roles and permissions.Minimum 1+  years of practical experience managing a cyber security tool such as endpoint detection, vulnerability scanning, firewalls, SIEM or pentesting experienceFamiliarity with cloud computing, Linux administration, and TCP/IP protocols Experience with NIST and CIS security benchmarks

Preferred Qualifications:

Experience working in a dedicated security team building or managing security tools and processes. Ability to build and maintain security tools and services. Sharp analytical skills to troubleshoot complex platform issues and understand service inter-dependencies · Proven ability to work effectively across technical, security and on-technical teams ·Consistent drive to enhance processes, automation and reliability · Able to manage multiple priorities effectively Experience with project management and collaboration tools (e.g., Jira, Confluence, Miro, SharePoint, etc.)AWS/GCP/Azure Certified DevOps Engineer, CISSP, NET+, Security+

Required Education/Experience

Bachelor's degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience
The hiring range for this position in Seattle, WA is $109,500 to $146,800 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.