Staff Cybersecurity Reliability Engineer

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to:

• Secure the Magic by protecting information systems and platforms.
• Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests.
• Strengthen the business through optimizing execution, application, and technology used to protect the Company.
• Innovate by investing in core capabilities to enhance operational efficiency.

Team Description:

We are defenders of the magic, waging an epic battle to ­­­­­­safeguard our franchises, protect our people, and ensure the world’s most admired entertainment company is not disrupted by cybersecurity threats.  We are partners in protecting Disney’s highly respected portfolio including Marvel Studios, Pixar Animation Studios, Lucasfilm, Disney Live Action Films, Walt Disney Animation Studios, Searchlight Pictures, and 20th Century Studios.  

The Studios Cybersecurity team are seeking a Staff Cybersecurity Reliability Engineer (CRE), to join our team. You will be responsible for integrating security practices into our workflow to ensure the continuous delivery of secure and reliable software/hardware solutions. You will work closely with development, operations, and security teams to identify potential vulnerabilities, implement security measures, and automate security processes. Your role is crucial in fostering a secure DevOps culture, enhancing the organization's security posture, design, architect, and build risk mitigation solutions while maintaining compliance with relevant regulations and best practices. 

Responsibilities of Role:

• CRE Integration: Advise and consult on integrating security practices, tools, and automation into the team pipelines, ensuring that security is a fundamental aspect of the software development lifecycle as well as hardware configuration, security maintenance and lifecycle. 

• Secure Infrastructure: Partner with various stakeholders and engineers to design, build, implement, and maintain secure infrastructure configurations for cloud platforms and on-premises environments. Apply security best practices to servers, networks, and other critical infrastructure components. 

• Continuous Security Monitoring: Partner with the TWDC Global Information Security team to ensure security monitoring tools and processes to detect security incidents, anomalies, and potential threats in real-time are efficiently in place. 

• Security Testing Automation: Collaborate with teams to develop and maintain security testing scripts, including static code analysis, dynamic application security testing (DAST), and container security scanning. 

• Vulnerability Management: Collaborate with development and operations teams to remediate identified critical issues promptly. Build automated patching and preventative capabilities to secure the environment. 

• Support and participate in incident response efforts, investigating and addressing security incidents, and contributing to post-incident reviews. 

• Secure CI/CD Pipeline: Partner with the development community on best practices to secure and optimize the continuous integration and continuous delivery (CI/CD) pipelines, including code scanning, automated testing, and deployment security. 

• Threat Intelligence: Stay up to date with the latest security threats, vulnerabilities, and industry trends. Leverage threat intelligence to proactively enhance security measures. 

• Security Awareness: Promote security awareness and training across the organization, educating developers and operations teams about secure coding, configuration management, and other security-related topics. 

• Cloud Security: Implement security controls and best practices for cloud services and platforms, such as AWS, Azure, or GCP. 

• Automation: Develop and maintain security automation scripts and tools to streamline security processes and reduce manual intervention. 

• Collaboration: Collaborate effectively with cross-functional teams to ensure security requirements are considered throughout the DevOps workflow. 

Must Haves: 

• Minimum of 7+ years of experience working in a technical, hands-on, cybersecurity engineering role. 

• Experience with one or more programming or scripting languages – i.e PowerShell, Python, Java, C#, VB, VBA, Ruby, NodeJS, SQL, etc. 

• Experience in securing cloud platforms and services (e.g., AWS, Azure, GCP) and implementing cloud security best practices.  

• Experience with automation tools and frameworks to streamline security processes (e.g., Ansible, Puppet, Chef).  

• Strong understanding of DevOps principles, CI/CD pipelines, and configuration management tools (e.g., Jenkins, Git, Ansible, Terraform, Kuberbetes);  

• In-depth knowledge of information security principles, standards, best practices, and industry frameworks (e.g., OWASP, NIST, CIS);  

• Understanding of security practices for servers, networks, containers, and virtualization technologies;  

• Familiarity with security testing tools, vulnerability scanners, and security monitoring solutions;

Nice to haves:

• One or more current security related certifications (e.g., CISSP, SANS GIAC, etc.) 

• One or more cloud security certifications (AWS, Azure, GCP, CCSP).  
• Maintains current knowledge of emerging AI technologies and invests in personal development within the AI field.

Education: 

• Bachelor's degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience

The hiring range for this position in Burbank is $141,900.00 to $190,300.00 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.