The Walt Disney Company Security Application Specialist in New York, New York
Disney Streaming Services Information Security team’s mission is to protect services, data, and technology assets of the organization, partners, and cast members. In concert with Disney’s Global Information Security group, the DSS team works on initiatives that prevent, detect, and respond to malicious activity. Risk and threat assessment, incident response, security architecture, vulnerability management, governance and compliance, security awareness and training, security operations, among many other efforts make up the information security program.
This is a key role within the Information Security department that will be focused on application security for our streaming media service and other supporting applications. The application security engineer will be a valued partner to development and engineering teams to ensure secure architectures, patterns, and solutions are created and maintained. Creation and execution of a training and awareness program for secure development and best practice is a key component of the role. This person will work closely with Disney’s application security team and will build a community of practice with developers within DSS to support effective communication and collaboration. This person will be the subject matter expert for secure code development and will work with various application engineering teams to develop alternatives for remediation of vulnerabilities.
Create and lead secure code working group with liaisons from various application and services engineering teams.
Utilize security tools for the appsec program such as static and dynamic code analysis tools and develop continual improvement program.
Coordinate red teams and penetration testers to facilitate exercises and work with application engineering teams on remediation. Oversee remediation efforts
Assist with code reviews and create secure reusable patterns.
Review application designs and solutions. Provide assessments.
Lead secure code training and awareness program.
Participate in information security operations duties, including occasional incident response escalations.
Perform risk and threat assessments.
Basic Qualifications :
3+ years of relevant experience
Experience with application security
Experience in application development with at least one modern programming language.
Knowledge of OWASP
Knowledge of DevOps and Agile methods
Experience performing code reviews and with associated applications such as static code analysis tools (Checkmarx, Vericode) in several languages
Knowledge of web application architectures
Knowledge of threat modeling
Knowledge of dynamic code scanners such as AppScan or Qualys.
Media industry experience
Other security experience such as incident handling (from appsec perspective), architecture, operations, GRC, etc.
Cloud technology, specifically AWS
Required Education :
4-year degree or work experience equivalent
CISSP, GIAC, or similar certification
Job ID: 612338BR
Location: New York,New York
Job Posting Company: Direct-to-Consumer and International