Content Application Security at The Walt Disney Company in Burbank, California

The Walt Disney Company
August 2, 2020
Burbank, California


Senior Staff Engineer, Content Application Security

Responsibilities:
Lead application security assessments on studio production content related services, applications, platforms and workflows
Maintain current knowledge of security threats and vulnerabilities that could impact products and their technology stack components and help product teams identify solutions that meet security requirements
Provide subject matter expertise on secure design & coding practices, assist in building and rolling out related guidelines and standards, perform manual source code reviews for high risk components
Build secure code library (security code snippets, common libraries, cryptographic libraries)
Evaluate and operationalize security tools by integrating with the development environment and commit/build pipelines
Review security test results from vulnerability scans, penetration testing for true positives and propose appropriate remediation measures or mitigation controls
Serves as security technical lead resource and subject matter expert (SME) across all Studio content platforms and services for operational, enhancement, and related activities. Must be able to contribute or build policies and procedures around Application Security. Interfaces with IT mission partners, including Networking, Architecture, and Project Delivery, to deliver content security business value
Establishes and maintains good working relationships with all team members, partners, and customers. Advocates for new/enhanced Security services on behalf of customers
Understands what vulnerabilities are and how to assist teams in remediation of them. Contributes requirements to technology selection process
Serves as application security technical resource on various initiatives and drives the technical security requirements
Support studio partners in the testing and deployment phases of all security solutions initiatives to ensure smooth operational knowledge development and transition
Collaborate with studio partners to ensure all new Security technology deployments include appropriate support documentation and that Security Operations team members are fully trained to take responsibility for monitoring, ongoing support, routine engineering, and operation of the new security technology
Supports Security Delivery in the testing and deployment phases of IT projects that require delivery of non-routine security solutions to ensure smooth operational knowledge development and transition
Mentor Security personnel to help develop others and to highlight any coverage or skills gaps
Lead cross-functional troubleshooting of complex issues, as required
Adhere to all policies, rules, regulations, and procedures
Perform other duties or functions as requested by management

Basic Qualifications:
6-10 Years of Experience in Web Application Security, SSDLC and Threat Modelling with MS/BS degree in Information System management / Computer Science / Information Security or a related technical discipline, at least 3 years of Software Development experience
Significant penetration testing experience and offensive capabilities in numerous core competency areas including web applications, mobile applications, networks, cloud infrastructure
Hands on experience with Software Development Java / C# / C++, JavaScript and HTML
Hands on experience with scripting and automation in Powershell, Python, Bash, Perl
MUST have deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies
Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment
Well versed in web application design, penetration testing, application risk assessment and risk categorization
Well versed (experience preferred) with driving and implementing secure development practices into SDLC (SSDLC); ability to successfully integrate security into a developer's world
Success in implementing effective Secure SDLC frameworks across a large corporation
Experience in managing application security testing tools like SAST, DAST, IAST and Open Source Vulnerability Scanning
Ability to effectively present and communicate security threats and risks to ANY audience and impress upon them the mitigation techniques and strategies
Candidates should be familiar with waterfall and agile development processes and have experience integrating secure development practices into both models
Deep knowledge and experience in using SAST, DAST, IAST, and fuzz testing tools
Experience with Checkmarx, Snyk, Fortify, Burp Suite, ZAP, SQLMap, SonarQube, Grabber, Arachni, Iron Wasp, Wapiti, MobSF
Strong knowledge of Authentication, Authorization, Availability, Confidentiality, Integrity, Non-repudiation
Highly effective communicator; well-honed influencing and negotiating skills
Solid problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution. Self-motivated; able to work independently; able to negotiate and bring consensus to diverse priorities of product development and solution teams
Must have excellent presentation and written/verbal communication skills
Experience in technical project management/leading large-scale technology initiatives
Strong analytical, organizational and decision-making skills
Willingness to travel occasionally domestically
Excellent leadership and teamwork skills
Strong negotiator, self-motivated, and outgoing
Proven track record of driving application security assessments for an organization


Bachelor's degree in Computer Science, Information Systems, Cybersecurity, IT Engineering, or a related field
OSCP, CEH, Pentest+, GWAPT, GPEN, GMOB, GEVA, AWS SAA, AZ-104, GCP-ACE

About The Walt Disney Studios: For over 90 years, The Walt Disney Studios has been the foundation on which The Walt Disney Company was built. Today the Studio brings quality movies, music and stage plays to consumers throughout the world. Feature films are released under the following banners: Disney, including Walt Disney Animation Studios and Pixar Animation Studios, Disneynature, Marvel Studios and Lucasfilm. The Disney Music Group encompasses the Walt Disney Records and Hollywood Records labels, as well as Disney Music Publishing. The Disney Theatrical Group produces and licenses live events, including Disney on Broadway, Disney On Ice and Disney Live!. Ours is a culture of innovation, inspiration and collaboration that brings together visionary artists, gifted technologists and savvy business minds to conjure up magical entertainment experiences for a global audience.

About The Walt Disney Company: The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise with the following business segments: media networks, parks and resorts, studio entertainment, consumer products and interactive media. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney’s stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished.
This position is with Walt Disney Pictures, which is part of a business segment we call The Walt Disney Studios. Walt Disney Pictures is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Disney fosters a business culture where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a rapidly changing world.
