Job Description
This role helps protect Disney guests and the Disney brand from security incidents. They partner with product engineering teams to ensure that products are designed, built, and operated using security best practices. They influence and teach product engineering teams to take deep ownership of security in all aspects of their respective roles.
Perform activities such as threat modeling, secure code reviews, security testing and vulnerability triage across various Disney Entertainment (DE) applications.
Analyze DE's security posture, identify gaps, and work closely with cross-functional teams to implement controls and ensure strong operational security.
Provide security guidance to application and service owners to remediate known security vulnerabilities.
Improve upon and further integrate the Secure Development Lifecycle (SDLC) into product design and engineering efforts.
Prepare and present reports and metrics to management and other stakeholders on DE's security posture, including trend analysis, KPIs, KRIs, and recommendations for improvements.
The employee will work out of our ticketing system taking on tasks related to Product Security reviews and projects at Disney Entertainment. The employee is expected to prioritize multiple tasks independently, within the constraints of Program guidelines, processes and procedures.
The employee will largely be self-directed working within guidelines, processes and procedures established by the Program Lead and Director of Product Security.
The employee is expected to collaborate with other team members and calibrate their judgement and advice given.
In cases where a business risk exception is needed, the employee will escalate to her/his manager for guidance and visibility.
The employee is expected to work independently, but also to seek clarification, support, and/or guidance from other staff or Leadership as needed.
Skills and Requirements
0 to 2 years of relevant experience working within product/application security
Solid knowledge of general security threats, attack vectors, and vulnerabilities
Ability to break down and communicate technically complex security situations and impacts for a non-technical audience
Proactive, organized, analytical, detail-oriented and persistent
Demonstrated ability to work in a challenging, dynamic, and fast-paced environment with limited supervision.
Strong sense of ethics and responsibility, in order to maintain the confidentiality and trust of the organization and its stakeholders
Candidate should be able to succeed in both independent and collaborative work scenarios
1 to 3 years of relevant experience working within product/application security with prior development experience
Strong knowledge of general security threats, attack vectors, and vulnerabilities.
Proven experience with and in-depth knowledge of software development methodologies, CI/CD, and DevSecOps.
Knowledge of automated attack tools and developing mitigation techniques.
Knowledge of public cloud services (AWS, Azure, GCP, etc.)
Understanding of infrastructure and application architecture with emphasis on security by design
Demonstrated strong technical capability and experience across a broad range of technical disciplines.
Solid experience with using knowledge management and code repositories, including GitHub, GitLab, Jira, and Confluence
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal employment opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment without regard to race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to [email protected].