Staff Engineer, Content Application Security
Walt Disney Pictures
Burbank, CAThis was removed by the employer on 10/30/2020 1:50:00 PM PST
Not to worry we have many other jobs on the site;
Browse all jobs
Browse the IS/IT Category
Search for Staff Engineer, Content Application Security jobs in Burbank-CA
Search all Staff Engineer, Content Application Security postings
Full Time Job
Job Summary:
The Staff Engineer, Content Application Security reports into the Senior Manager of Application and Cloud Security at The Walt Disney Studios based in Burbank. This role is part of the team that is responsible for validating that our content creation and delivery platforms, services, applications, workflows, and websites are designed and implemented to the highest security standards. You will be responsible for analyzing the security of both internally developed and 3rd party applications and services, discovering and addressing security issues, helping to build security automation, and quickly reacting to new threat scenarios. This is a deeply technical role, requiring a solid understanding and experience implementing a variety of network security, identity, cyber security, privileged access, and related technologies, using solid design principles.
Responsibilities:
• Lead application security assessments on studio production content related services, applications, platforms and workflows
• Maintain current knowledge of security threats and vulnerabilities that could impact products and their technology stack components and help product teams identify solutions that meet security requirements.
• Provide subject matter expertise on secure design & coding practices, assist in building and rolling out related guidelines and standards, perform manual source code reviews for high risk components
• Build secure code library (security code snippets, common libraries, cryptographic libraries)
• Evaluate and operationalize security tools by integrating with the development environment and commit/build pipelines
• Review security test results from vulnerability scans, penetration testing for true positives and propose appropriate remediation measures or mitigation controls
• Serves as security technical lead resource and subject matter expert (SME) across all Studio content platforms and services for operational, enhancement, and related activities.
• Must be able to contribute or build policies and procedures around Application Security.
• Interfaces with IT mission partners, including Networking, Architecture, and Project Delivery, to deliver content security business value
• Establishes and maintains good working relationships with all team members, partners, and customers.
• Advocates for new/enhanced Security services on behalf of customers
• Understands what vulnerabilities are and how to assist teams in remediation of them.
• Contributes requirements to technology selection process
• Serves as application security technical resource on various initiatives and drives the technical security requirements.
• Support studio partners, in the testing and deployment phases of all security solutions initiatives, to ensure smooth operational knowledge development and transition.
• Collaborate with studio partners to ensure all new Security technology deployments include appropriate support documentation and that Security Operations team members are fully trained to take responsibility for monitoring, ongoing support, routine engineering, and operation of the new security technology.
• Supports Security Delivery in the testing and deployment phases of IT projects that require delivery of non-routine security solutions to ensure smooth operational knowledge development and transition.
• Mentor Security personnel, to help develop others and to highlight any coverage or skills gaps.
• Lead cross-functional troubleshooting of complex issues, as required
• Adhere to all policies, rules, regulations, and procedures.
• Perform other duties or functions as requested by management.
Basic Qualifications:
• 6-10 Years of Experience in Web Application Security, SSDLC and Threat Modelling with MS/BS degree in Information System management / Computer Science / Information Security or a related technical discipline, at least 3 years of Software Development experience
• Significant penetration testing experience and offensive capabilities in numerous core competency areas including web applications, mobile applications, networks, cloud infrastructure
• Hands on experience with Software Development Java / C# / C , JavaScript and HTML
• Hands on experience with scripting and automation in Powershell, Python, Bash, Perl
• MUST have deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies
• Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment
• Well versed in web application design, penetration testing, application risk assessment and risk categorization
• Well versed (experience preferred) with driving and implementing secure development practices into SDLC (SSDLC); ability to successfully integrate security into a developer's world
• Success in implementing effective Secure SDLC frameworks across a large corporation.
• Experience in managing application security testing tools like SAST, DAST, IAST and Open Source Vulnerability Scanning
• Ability to effectively present and communicate security threats and risks to ANY audience and impress upon them the mitigation techniques and strategies
• Candidates should be familiar with waterfall and agile development processes and have experience integrating secure development practices into both models.
• Deep knowledge and experience in using SAST, DAST, IAST, and fuzz testing tools
• Experience with CheckMarx, Snyk, Fortify, BurpSuite, ZAP, SQLMap, SonarQube, Grabber, Arachni, Iron Wasp, Wapiti, MobSF.
• Strong knowledge of Authentication, Authorization, Availability, Confidentiality, Integrity, Non-repudiation.
• Highly effective communicator; well-honed influencing and negotiating skills
• Solid problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution.
• Self-motivated; able to work independently; able to negotiate and bring consensus to diverse priorities of product development and solution teams
• Must have excellent presentation and written/verbal communication skills
• Experience in technical project management/leading large-scale technology initiatives
• Strong analytical, organizational and decision-making skills
• Willingness to travel occasionally domestically
• Excellent leadership and teamwork skills
• Strong negotiator, self-motivated, and outgoing
• Proven track record of driving application security assessments for an organization
Required Education
• Bachelor's degree in Computer Science, Information Systems, Cybersecurity, IT Engineering, or a related field
• OCSP, CEH, Pentest , GWAPT, GPEN, GMOB, GEVA, AWS SAA, AZ-104, GCP-ACE
About The Walt Disney Studios:
For over 90 years, The Walt Disney Studios has been the foundation on which The Walt Disney Company was built. Today the Studio brings quality movies, music and stage plays to consumers throughout the world. Feature films are released under the following banners: Disney, including Walt Disney Animation Studios and Pixar Animation Studios, Disneynature, Marvel Studios and Lucasfilm. The Disney Music Group encompasses the Walt Disney Records and Hollywood Records labels, as well as Disney Music Publishing. The Disney Theatrical Group produces and licenses live events, including Disney on Broadway, Disney
[more...]