Security Engineer - Security Assurance

Who We Are

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to:

• Secure the Magic by protecting information systems and platforms.

• Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests.

• Strengthen the business through optimizing execution, application, and technology used to protect the Company.

• Innovate by investing in core capabilities to enhance operational efficiency.

Team Description

The Security Research and Testing (SRT) team specializes in simulating real-world cyberattacks to uncover vulnerabilities and evaluate the effectiveness of Disney Experiences (DX) and Disney Corporate (Corp) technology systems' security measures. By mimicking tactics used by malicious actors, the SRT team provides critical insights into potential weaknesses. They work closely with both technology and business teams across DX and Corp to analyze findings, strengthen security policies, and recommend targeted improvements to address gaps in infrastructure, processes, and training, ensuring a robust and resilient security posture.  

What You Will Do

We are hiring!  We need a Security Engineer – Security Assurance to join our Disney Experience (DX) Security Research & Testing (SRT) Team!

Responsibilities:

• Evaluate system and application configurations to identify security misconfigurations. 

• Conduct compliance checks against security standards: CIS Benchmarks, NIST, and TWDC policies. 

• Review firewall, server, and endpoint configurations to ensure alignment with security policies. 

• Analyze configurations to identify potential vulnerabilities such as open ports, weak encryption, or default credentials. 

• Use automated tools and scripts to detect misconfigurations and vulnerabilities. 

• Perform manual and automated testing of security settings on systems, applications, and networks. 

• Simulate attacks or misuses to test the resilience of configurations. 

• Document findings in detailed reports, including identified issues, potential impacts, and remediation recommendations. 

• Communicate results to stakeholders, including technical and non-technical audiences. 

• Provide recommendations to address misconfigurations and improve security posture. 

• Work with IT teams to implement fixes and validate corrective actions. 

• Assist in developing and maintaining security configuration baselines and standards.  

• Proactively recommend adjustments to configurations to mitigate risks. 

Must Have

• Minimum of 3+ years of related IT security testing experience such as Penetration Testing, Adversarial Testing, Red Team Testing

• Experience conducting comprehensive cyber security testing of technology solutions within large-scale, complex, and dynamic IT environments.

• Proficient in system hardening testing for operating systems (Windows, Linux, macOS).

• Experience with Cloud Solutions (Azure, GCP, AWS) and Software as a Service (SaaS) solution.

• Knowledge of network devices (routers, switches, firewalls) and their secure configurations, and configuration management & auditing tools.

• Understanding of security frameworks and standards (NIST, CIS, etc.)

Nice to Have

• OffSec or other advanced security testing certifications

• Major cloud provider platform certification (e.g. AWS Solution Architect, Google Cloud Engineer, Microsoft Solution Architect, etc.) 

• Security accreditation (e.g., CISSP, GCIH, CISM, GSEC, CEH, etc.) 

Education

• Bachelor’s degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience

#DISNEYTECH

#LI-JP4