Sr Security Specialist – Red Team

Job ID 774647BR

Location Burbank, California, United States; Orlando, Florida, United States

Business The Walt Disney Company (Corporate)

Date posted Feb. 27, 2021

Job Summary:

This is position is temporarily remote. Once the current COVID-19 policy is lifted, the candidate will be able to choose one of Disney offices in California, Connecticut, Florida, New York, Texas, and Washington.
At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance and protect these exciting experiences.
The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.
In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:

  1. Analysis of known and emerging threats to determine risks against TWDC assets
  2. Creation, maintenance, governance and communication of security policies and standards across TWDC
  3. Assessment and audit of compliance against the security policies and standards
  4. Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria

We look add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security and love their work.
The Global Information Security – Red Team performs real world threat emulation with the continual goals of improving organizational readiness, providing advanced simulation for defensive teams, and assessing current control performance for critical TWDC assets. The goal of the Red Team is to continually drive prioritized improvements across TWDC enhancing the cyber security posture of the organization. Typical Red Team activities include, but are not limited to:

  • Participate in all phases of Red Team Operations with a strong focus on targeting web applications
  • Support Application Security with full manual penetration testing, tools development, and streamlining processes and procedures.
  • Serve as a force multiplier, outside of the Red Team, to provide deep knowledge perspectives to enhance IT security controls across GIS

Responsibilities:

  • Provides situation-based support, using in-depth knowledge of TWDC technology, to ensure systems are designed in accordance with and are aligned with Company security requirements; includes architecture assessments, secure development training, and conducting RTOs
  • Develops technical monitoring, assessment and response solutions that meet current specifications
  • Reviews and presents reports (e.g., penetration test results, incident response metrics, forensics, network monitoring metrics), position papers, assessment recaps to team (peers) and next level of leadership within team
  • Executes advanced risk and threat analysis activities, leveraging learnings from external and internal cyber trends and incidents
  • Participate in all phases of Red Team Operations with a strong focus on targeting web applications
  • Support Application Security Team with full manual penetration testing, tools development, and streamlining processes and procedures.
  • Serve as a force multiplier, outside of the Red Team, to provide deep knowledge perspectives to enhance IT security controls across GIS

Basic Qualifications:

  • Experience with performing Red Team Operations with a strong focus on web application
  • Experience with modern web application frameworks and tools like Webpack, Yarn, GraphQL, Angular, React, and Vue
  • Expert level web application testing skills
  • Experience working with web assessments tools/frameworks like Burp/Zap/SoapUI
  • Experience customizing/developing in-house scripts and tooling
  • Experience working with scripting and development languages like JavaScript, Python, Perl, Ruby, PHP, C/C++, C#, and Java
  • Licenses / Training
    • GWAPT – GIAC Web Application Penetration Tester
    • eWPT – eLearnSecurity Web application Pentration Tester
  • One or similar of the following certifications:
    • OSWE – Offensive Security Web Expert
    • eWPTXv2 – eLearnSecurity Web application Penetration Tester eXtreme

Required Education

  • BS in computer science or relevant work experience

About The Walt Disney Company (Corporate):

At Disney Corporate you can see how the businesses behind the Company’s powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you’ll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe.

About The Walt Disney Company:

The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise with the following business segments: media networks, parks and resorts, studio entertainment, consumer products and interactive media. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney’s stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished.

This position is with Disney Worldwide Services, Inc., which is part of a business segment we call The Walt Disney Company (Corporate).

Disney Worldwide Services, Inc. is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, or protected veteran status or any other basis prohibited by federal, state or local law. Disney fosters a business culture where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a rapidly changing world.

More Information

Apply for this job

Leave your thoughts

Share this job