Security Engineer - Offensive Security

Job Description

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance and protect these exciting experiences.

The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney's information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Burbank CA, Seattle WA, Orlando FL, and Bristol CT - and we will consider any of these locations in addition to Santa Monica CA and New York NY for this role.

In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology.

This process includes:
• Analysis of known and emerging threats to determine risks against TWDC assets
• Creation, maintenance, governance and communication of security policies and standards across TWDC
• Assessment and audit of compliance against the security policies and standards
• Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria

We are looking to add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security, and love their work.

Responsibilities:

The Security Engineer, Offensive Security will be responsible for:
• Creating and executing penetration testing plans with liaisons from various application and services engineering teams.
• Working with application engineering teams on remediation.
• Assisting with security architecture reviews and threat modeling
• Reviewing application designs and solutions. Provide assessments.
• Participating in information security operations duties, including occasional incident response escalations.
• Performing risk and threat assessments.

Basic Qualifications:
• Experience with penetration testing
• Experience with vulnerability scanning & vulnerability scanners such as Tenable or Qualys.
• Experience with at least one modern programming language.
• Knowledge of OWASP
• Knowledge of web application architectures

Preferred Qualifications:
• Experience with Python
• Experience with AWS Amazon Web Services.
• Knowledge of DevOps and Agile methods
• Knowledge of threat modeling
• Other security experience such as incident handling, architecture, operations, GRC, etc.

Required Education
• BA/BS in business or computer science or equivalent work experience.

Preferred Education
• CISSP
• OSCP
• PenTest+ CompTIA
• CEH, CSA
• AWS Certs

Jobcode: Reference SBJ-d9ok8k-3-144-105-204-42 in your application.