Sr Security Specialist, VM

Job Description

At Disney, we're storytellers. We make the impossible, possible. We do this through utilizing and developing cutting-edge technology and pushing the envelope to bring stories to life through our movies, products, interactive games, parks and resorts, and media networks. Now is your chance to join our talented team that delivers unparalleled creative content to audiences around the world.

Enterprise Vulnerability Management ensures that IP-enabled devices connected to TWDC's networks and used for conducting and delivering Disney business are known, secure and managed to an acceptable risk level. Vulnerability Management programs protect TWDC intellectual property and data by ensuring servers are compliant with:

• IT Security Policies and Standards
• Data Handling Standards
• Minimum Security Baselines
• Industry and vendor-specific vulnerabilities

The Enterprise Vulnerability Management team is responsible for the full cycle of vulnerability management across all segments of The Walt Disney Company. Infrastructure and application vulnerabilities are assessed within the context of the technologies used at TWDC. Risk-based remediation activities identified and coordinated across diverse stakeholders company-wide. Server compliance is monitored via periodic scans from various IT Security tools. Areas of non-compliance identified and documented.

Employment Type

Full Time

Alternate Location-State/Region

CA

Job Posting - Business

The Walt Disney Company (Corporate)

Additional Information

• This position is a legal entity of The Walt Disney Company, an equal opportunity employer.

Primary Job Posting Category

Technology

Basic Qualifications

• Minimum 5 years of practical technology experience with some experience in information security discipline.
• Must have knowledge of and experience applying information security components, principles, practices, and procedures
• Demonstrated experience in systems administration, application infrastructure support and middleware operation
• Some experience with SQL languages (SQL, T-SQL) with advanced analytic SQL functions skills on the Microsoft SQL Server database platform
• Proven knowledge of core Internet and networking protocols (DNS, DHCP, TCP/IP, ARP, HTTP, HTTP/S, SSH) and IP communication is required.
• Proven knowledge of data center, mobile, and IoT (internet of things) infrastructure technologies is required: Apple, Android, Windows, and Linux operating systems and associated technologies.
• Excellent communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams
• Ability to investigate and analyze complex scenarios and solve problems in innovative ways
• Passionate about using data to solve pressing and/or difficult questions
• Ability to work effectively in a cross-functional and highly collaborative environment; shares responsibility well and is flexible in work assignments.
• Ability to manage multiple priorities and work effectively in a fast-paced, high volume, results driven environment. Ability to rapidly assess a situation and identify, isolate and communicate problems and issues
• Able to engage individuals and teams to evangelize processes, provide guidance constructively and in the context of the business need.
• Able to produce and review process and procedural documentation, including knowledge base articles, workflows, and overview presentations, all with great attention to detail.
• Superior judgment, problem resolution, team building, negotiation, and decision-making skills as well as the ability to work under continual deadline pressure.
• Applies skills as a seasoned experienced professional with a full understanding of industry practices and company policies and procedures. Resolves a wide range of issues in imaginative and as well as practical ways.
• Able to remain productive despite ambiguity; uses professional concepts and company objectives to resolve complex issues creatively and effectively.
• Able to scope tasks, technical requirements and estimate timelines independently for medium-to-large size projects.
• One or more Information Security certifications (e.g. CISSP or GIAC)

Job Posting - Primary Brand

The Walt Disney Company (Corporate)

Required Education

• High School Diploma or equivalent
• Some college courses or associate's degree with focus in engineering, sciences, or IT

Preferred Qualifications

• Demonstrates some proficiency in one or more programming language, i.e., ASP.NET, C#, PHP, Python
• Some experience working with DevOps methodologies
• ITIL Foundations certification

Primary Location-Postal Code

98104

Job Description

At Disney, we're storytellers. We make the impossible, possible. We do this through utilizing and developing cutting-edge technology and pushing the envelope to bring stories to life through our movies, products, interactive games, parks and resorts, and media networks. Now is your chance to join our talented team that delivers unparalleled creative content to audiences around the world.

Enterprise Vulnerability Management ensures that IP-enabled devices connected to TWDC's networks and used for conducting and delivering Disney business are known, secure and managed to an acceptable risk level. Vulnerability Management programs protect TWDC intellectual property and data by ensuring servers are compliant with:

• IT Security Policies and Standards
• Data Handling Standards
• Minimum Security Baselines
• Industry and vendor-specific vulnerabilities

The Enterprise Vulnerability Management team is responsible for the full cycle of vulnerability management across all segments of The Walt Disney Company. Infrastructure and application vulnerabilities are assessed within the context of the technologies used at TWDC. Risk-based remediation activities identified and coordinated across diverse stakeholders company-wide. Server compliance is monitored via periodic scans from various IT Security tools. Areas of non-compliance identified and documented.

Employment Type

Full Time

Additional Information

• This position is a legal entity of The Walt Disney Company, an equal opportunity employer.

Basic Qualifications

• Minimum 5 years of practical technology experience with some experience in information security discipline.
• Must have knowledge of and experience applying information security components, principles, practices, and procedures
• Demonstrated experience in systems administration, application infrastructure support and middleware operation
• Some experience with SQL languages (SQL, T-SQL) with advanced analytic SQL functions skills on the Microsoft SQL Server database platform
• Proven knowledge of core Internet and networking protocols (DNS, DHCP, TCP/IP, ARP, HTTP, HTTP/S, SSH) and IP communication is required.
• Proven knowledge of data center, mobile, and IoT (internet of things) infrastructure technologies is required: Apple, Android, Windows, and Linux operating systems and associated technologies.
• Excellent communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams
• Ability to investigate and analyze complex scenarios and solve problems in innovative ways
• Passionate about using data to solve pressing and/or difficult questions
• Ability to work effectively in a cross-functional and highly collaborative environment; shares responsibility well and is flexible in work assignments.
• Ability to manage multiple priorities and work effectively in a fast-paced, high volume, results driven environment. Ability to rapidly assess a situation and identify, isolate and communicate problems and issues
• Able to engage individuals and teams to evangelize processes, provide guidance constructively and in the context of the business need.
• Able to produce and review process and procedural documentation, including knowledge base articles, workflows, and overview presentations, all with great attention to detail.
• Superior judgment, problem resolution, team building, negotiation, and decision-making skills as well as the ability to work under continual deadline pressure.
• Applies skills as a seasoned experienced professional with a full understanding of industry practices and company policies and procedures. Resolves a wide range of issues in imaginative and as well as practical ways.
• Able to remain productive despite ambiguity; uses professional concepts and company objectives to resolve complex issues creatively and effectively.
• Able to scope tasks, technical requirements and estimate timelines independently for medium-to-large size projects.
• One or more Information Security certifications (e.g. CISSP or GIAC)

Required Education

• High School Diploma or equivalent
• Some college courses or associate's degree with focus in engineering, sciences, or IT

Preferred Qualifications

• Demonstrates some proficiency in one or more programming language, i.e., ASP.NET, C#, PHP, Python
• Some experience working with DevOps methodologies
• ITIL Foundations certification

Preferred Education

• BA/BS in information technology, computer science, computer engineering or equivalent.

Responsibilities

Information Security Specialist, Vulnerability Management, has a broad range of responsibilities within the Global Information Security vulnerability management program, with emphasis on risk assessment, remediation, and customer engagement to ensure the removal of vulnerabilities from the technology environment. This role is directly responsible for infrastructure and application vulnerability research, analysis, categorization, and communication of risks posed in the context of technologies in use within TWDC. This role will work closely with other members of the Vulnerability Management team to ensure the effective and efficient execution of vulnerability treatments by diverse customer groups across the Enterprise. Other responsibilities include and are not limited to:

• Evaluate all new security vulnerabilities identified by vendors of technologies used within the Enterprise
• Investigate solutions and mitigations for vulnerabilities present within the Enterprise, and propose remediation in collaboration with the subject matter experts
• Support execution of vulnerability management programs through meeting facilitation, activity measurement, customer engagement, and program education
• Perform barrier analysis on vulnerability remediation and work with Information Security and Operations teams to identify and implement corrective measures
• Develop reports that reflect vulnerability management program effectiveness and efficiency and perform targeted historical analysis; review historical trending data and recommend improvement opportunities
• Partner with engineering and automation teams to identify opportunities to automate common vulnerability management analysis and remediation functions
• Work with Security Architecture and technology stakeholders to inform the development secure configuration standards