Security Specialist

Who We Are

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

The Global Information Security (GIS) Organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to:

Secure the Magic by protecting information systems and platforms.

Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests.

Strengthen the business through optimizing execution, application, and technology used to protect the Company.

Innovate by investing in core capabilities to enhance operational efficiency.

Team Description

The Product Security team exists to ensure that our guests are protected and have a magical experience. We protect our guests and the Disney brand by engaging with product development teams at every step of the product development lifecycle. We assess and influence product design, analyze applications for flaws that may lead to security issues, and provide penetration testing to ensure our products are secure.

We Are Hiring! We are adding a Security Specialist to our Team! We need someone who is focused on delivery, prioritizes data-driven decisions over opinions, is a continuous learner, passionate about information security, and loves their work.

This role will report to the Manager overseeing Flagship Pentesting and API Security Services. Our mission is to ensure the security and resilience of critical systems through specialized Penetration Testing and API Assessments.

Responsibilities:

• Develops application monitoring, assessment, and response solutions.
• Provides situation-based support, using in-depth knowledge of TWDC technology, to ensure applications are tested annually and are aligned with Company security requirements.
• Executes services, e.g., network discovery & enumeration; server compliance tool management; vulnerability remediation assurance; MyID and SecureIT.
• Prepares domain/function-specific reports as directed by leadership.
• Manage intake and conduct outreach for security testing requests.
• Manage and establish development and delivery of documentation to facilitate security testing processes.
• Regularly check in with multiple business units for ongoing penetration testing projects and status.
• Escalate key issues and risks to ensure timely resolution and mitigation.
• Work with cross-discipline team members to validate project assumptions and review project plans with leadership.
• Ensure proactive scheduling of key deliverables, milestones, and deliverable tasks.

Must Have

• Minimum of 3 years of experience in cybersecurity or related information technology disciplines.
• Understanding of security principles and practices.
• Excellent communication and collaboration skills.
• Experience in technical writing for software/hardware/product documentation.
• Ability to work in a fast-paced and dynamic environment.

Nice To Have

• Knowledge in the areas of Penetration Testing and/or API Security.
• Familiarity with Jira, Confluence, and Miro or equivalents.

Education:

• Bachelor’s degree in Business or Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or a comparable field of study, and/or equivalent work experience.

The hiring range for this remote position is $90,800 - $140,000 per year, which factors in various geographic regions. The actual offered base pay will consider internal equity and may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience. A bonus and/or long-term incentive units may be included in the compensation package, along with medical, financial, and other benefits, depending on the level and position.