Sr. Information Security Specialist
Marvel EntertainmentNew York, NY
Full Time Job
Marvel Entertainment's Information Security Team is looking for a Sr. Information Security Specialist who is an experienced professional with a passion for technology and related security aspects. More importantly, the candidate should understand that the key part of security is enabling the business to focus on their competitive edge securely instead of impeding it.
We need team members who can take a goal / responsibility – e.g. 'improving Marvel Entertainment security posture…' – and run with it. That means clarifying the goal, knowing if they can fulfill that goal, identifying obstacles, creating a plan, and executing to success. When there are areas of ambiguity or risk that need attention from superiors, Sr. Information Security Specialist needs to drive those conversations instead of expecting direction from above.
We want thoughtful experienced professionals that are sharp, perceptive, and use common sense which are more important than pyrotechnic analytic ability.
Desired attributes for individuals in role include:
• Breath of technical knowledge
• Informing / communication skills
• Customer Focus: the customers being within IT organization and/or Marvel and Disney businesses
• Listening and understanding customer needs
• Designing and operating security services
• Vet designs for industry best practices
• Prioritization both short term tasks and long term goals
• Drive for excellence and not tolerating less
• Strong investigative skills
• Innate curiosity in how things work
Candidates should have at 5 years of IT experience that includes depth and breadth across several technologies such as:
• Network routing/switching, TCP/IP, DNS, Firewalls, VPN, TLS, SFTP, SCP, SSH
• Engineering designs/implementations such as operation systems (Windows, *nix), directory services (MS AD, LDAP), Web servers/services (IIS, Apache. J2EE, Tomcat) and respective security hardening (CIS benchmark)
• Knowledge of confidentiality, integrity, availability principle and their respective application in both processes and technologies.
• Vulnerability management, patch management, infrastructure vulnerability assessment (Qualys, Tenable), web application vulnerability assessment (Dynamic/Static code analysis and penetration testing)
• Application Firewalls (L7 firewalls, WAF), forward/reverse proxies, DLP
• Experience in organizing and leading projects with managed security service providers (MSSP)
• Incident response and digital forensics
• Experience in scripting (PowerShell, Perl, Python) and Configuration Management (Ansible, Puppet, Chef) etc.
• Experience with Identity Access Management (IAM), Privilege Access Management (PAM), password management and role based user access control. SSO/SAML Authentication concepts and implementations
• Cryptographic services (data-in-transit and data-at-rest encryption), cryptographic Key management, PKI
• Knowledge of Endpoint Security, Mobile Device Management solutions (MDM)
• Web security concepts (e.g. Tokens), risks (OWASP Top10); SSL/TLS best practices
• Experienced in Secure Software Development lifecycle Management, understanding ''shift left'' approach and seamless lifecycle integration in a CI/CD environment (SVN, GitLab, Jenkins)
One of Major InfoSec Certifications (CISSP, CISM, SANS) would be preferred but not required.
About Marvel Entertainment:
Marvel Entertainment, LLC, a wholly-owned subsidiary of The Walt Disney Company, is one of the world's most prominent character-based entertainment companies, built on a proven library of over 8,000 characters featured in a variety of media over seventy years. Marvel utilizes its character franchises in entertainment, licensing and publishing.
About The Walt Disney Company:
The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise with the following business segments: media networks, parks and resorts, studio entertainment, consumer products and interactive media. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney's stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished.
This position is with Marvel Entertainment, LLC, which is part of a business segment we call Marvel Entertainment.
Marvel Entertainment, LLC is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Disney fosters a business culture where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a rapidly changing world.