Security Engineer - Product Security

This is a Full Time Job

Location: Burbank, California, United States; Orlando, Florida, United States; Seattle, Washington, United States

Job Summary:

Who We Are:

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to:
• Secure the Magic by protecting information systems and platforms.
• Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests.
• Strengthen the business through optimizing execution, application, and technology used to protect the Company.
• Innovate by investing in core capabilities to enhance operational efficiency.

Team Description:

The Product Security Team at The Walt Disney Company is dedicated to safeguarding the digital assets and intellectual property of one of the world's most beloved entertainment companies. Our team plays a crucial role in ensuring the security and integrity of Disney's diverse range of products and services, which span across theme parks, resorts, cruise lines, sports, news, movies, and various other businesses.

We are a dynamic and collaborative team that partners with engineering teams across the enterprise. Our mission is to mitigate technical risk by identifying vulnerabilities in Disney products, providing education to engineering teams on remediation techniques, and collaborating with other security teams to ensure the protection of our guests.

Our team is responsible for conducting security assessments, managing customer interactions, and developing security solutions that align with Disney's business strategies. We leverage cutting-edge technology and innovative approaches to enhance consumer experiences, enable business growth, and advance operational excellence.

What You Will Do:

We Are Hiring! We need a Security Engineer - Product Security to join our Team!

Responsibilities of Role:
• Manage and develop security partnerships with existing and new businesses of the TWDC to continually educate technology teams on reducing risk and integrating security into their product development.
• Collaborate with engineers and information security teams to address security risks and provide mitigation recommendations within the Software Development Lifecycle (SDLC).
• Support security assurance audits of our Product Security testing to help internal and external customers navigate and validate security compliance.
• Perform activities such as security testing reviews with teams, product demos and trainings, and building documentation to help enable engineering teams to test their products and release with security embedded into their SDLC.
• Regularly interact with internal and external customers on security-related projects and operational tasks. Design, build and deploy automation to scale the orchestration of security testing across all TWDC applications and platforms.

Must Have:
• Minimum 3+ years of experience in cybersecurity, application security, or related information technology disciplines.
• Programming/scripting skills with a language such as Python to automate work.
• Proven experience collaborating with teams on security and building trust through delivery and data.
• Strong understanding of at least two of the following security testing principles and practices, such as SAST, SCA, DAST, API, Mobile and Penetration testing.
• Excellent communication and collaboration skills.
• Ability to work in a fast paced, dynamic environment.

Nice To Have:
• Experience with security tooling and methodologies
• Experience integrating security checks into CI/CD pipelines or penetration testing.
• Experience with SBOMs and the security of the software supply chain.
• Familiarity with cloud security principles and technologies.
• Relevant certifications such as: GWAPT, OSWE, BSCP, CompTIA Security+ are highly desirable.

Education:

Bachelor's degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience.

#DISNEYTECH

The hiring range for this position in Burbank, California is $104,600 - $140,200 per year and in Seattle, Washington is $109,500 - $146,800 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.