Staff Engineer, Cloud Security

This is a Full Time Job


The Staff Engineer, Cloud Security reports into the Senior Manager of Application and Cloud Security at The Walt Disney Studios based in Burbank. This role is part of the team that is responsible for validating that our content creation and delivery platforms, services, applications, workflows, and websites are designed and implemented to the highest security standards. You will be responsible for assisting in the secure design and analysis of the security of cloud-based infrastructures where studio content is produced. This is a deeply technical role, requiring a solid understanding and experience implementing a variety of cloud infrastructure solutions and services, as well as network security, identity, cyber security, privileged access, and related technologies, using solid design principles.

Responsibilities:

• Lead cloud infrastructure security assessments on studio production content related services, applications, platforms and workflows
• Maintain current knowledge of security threats and vulnerabilities that could impact products and their technology stack components and help product teams identify solutions that meet security requirements.
• Review security test results from vulnerability scans, penetration testing for true positives and propose appropriate remediation measures or mitigation controls
• Serves as security technical lead resource and subject matter expert (SME) across all Studio content platforms and services for operational, enhancement, and related activities.
• Partner with the business and engage in secure technical design of cloud solutions based on use cases and business requirements
• Participate in proof of concepts and other technical evaluations of technologies, designs and solutions and provide recommendations
• Serves as security technical lead resource and subject matter expert (SME) across all Studio content platforms and services for operational, enhancement, and related activities.
• Interfaces with IT mission partners, including Networking, Architecture, and Project Delivery, to deliver content security business value
• Establishes and maintains good working relationships with all team members, partners, and customers.
• Advocates for new/enhanced Security services on behalf of customers
• Understands what vulnerabilities are and how to assist teams in remediation of them.
• Contributes requirements to technology selection process
• Stay abreast of emerging technologies and threats as well as proactively assess and evaluate the adoption thereof into the organization
• Reduce time-to-detect and time-to-remediate by driving the automation of applied threat intelligence and sensor enrichment
• Support studio partners, in the testing and deployment phases of all security solutions initiatives, to ensure smooth operational knowledge development and transition.
• Collaborate with studio partners to ensure all new Security technology deployments include appropriate support documentation and that Security Operations team members are fully trained to take responsibility for monitoring, ongoing support, routine engineering, and operation of the new security technology.
• Develop and expand API framework to interconnect Security Tools
• Responsible for input and feedback on security architectures
• Apply adept understanding and experience with systems automation platforms and technologies
• Engage in efforts that shape the organization's security policies and standards for use in cloud environments
• Interpret security and technical requirements into business requirements and communicate security risks to relevant stakeholders ranging from business leaders to engineers
• Direct and influence multi-disciplinary teams in implementing and operating Cyber Security controls
• Collaborate with application development and infrastructure teams to deliver creative solutions to difficult technology challenges and business requirements
• Provide subject matter expertise on information security architecture and systems engineering to other IT and business teams
• Responsible for automating security controls, data and processes to provide improved metrics and operational support
• Employ cloud-based APIs when suitable to write network/system level tools for safeguarding cloud environments
• Spot and execute new security technologies and best practices into the company's cloud offerings.
• Mentor Security personnel, to help develop others and to highlight any coverage or skills gaps.
• Must be able to contribute or build policies and procedures around Cloud Security.
• Perform cross-functional troubleshooting of complex issues, as required
• Adhere to all policies, rules, regulations, and procedures.
• Perform other duties or functions as requested by management.

Basic Qualifications:

• 6-10 Years of Experience in cybersecurity and cloud infrastructure engineering/architecture with MS/BS degree in Information System management / Computer Science / Information Security or a related technical discipline
• Significant penetration testing experience and offensive capabilities in numerous core competency areas including web applications, mobile applications, networks, cloud infrastructure
• Experience and hands-on expertise in tuning of network sensors like IDS/IPS, DDOS, WAF Technologies.
• Domain expertise of network security sensors such as IDS/IPS, cloud security access broker, DDOS protections, Open DNS, Cloud9, CDN's etc.
• Detailed understanding of Network Technologies Routers, switches, Load Balancers, firewalls, proxy etc.
• Detailed proficiency with Linux and Windows.
• In depth understanding of TCP/IP protocols.
• Experience with PKI, SSL, SSH, HTTPS etc.
• Knowledge of RESTful web services (client – server application).
• Hands on knowledge of Automation skills, Dev Ops skills etc.
• System admin - Red Hat Linux/Unix, Windows – Experience and knowledge is mandatory.
• Software development domain and principles, including design patterns, code structure, programming languages, continuous integration (Git), continuous deployment (Travis/Jenkins), and deployment orchestration (Chef, puppet, or equivalent).
• Experience with open-source software security sensors (Bro IDS, Suricata, Snort, Molach etc.).
• Experience with network protocols and deep packet inspection.
• Experience with micro services.
• Experience with container technologies such as Kubernetes and Docker.
• Proven experience delivering large scale, highly available security solutions.
• In-Depth Knowledge of Public Cloud such as AWS, Azure and GCP.
• Relevant security certifications such as OSCP, ISC2 CISSP, SANS, CEH, etc. are a major plus.
• Must have excellent presentation and written/verbal communication skills
• Experience in technical project management/leading large-scale technology initiatives
• Strong analytical, organizational and decision-making skills
• Willingness to travel occasionally domestically
• Excellent leadership and teamwork skills
• Strong negotiator, self-motivated, and outgoing
• Proven track record of driving application security assessments for an organization

Required Education

• Bachelor's degree in Computer Science, Information Systems, IT Engineering, or a related field
• AWS-SAA, AWS-CSS, AZ-500, MS-500, AZ-300, CCA, CCP, CCSK, Cloud , CEH, Pentest , Linux , Network , LPIC-1, GSEC, GCIH, HashiCorp Associate, MCSE, VCP-CMA

About The Wa

[more...]