The Walt Disney Company Security Application Specialist in San Francisco, California

Disney Streaming Services Information Security team’s mission is to protect services, data, and technology assets of the organization, partners, and cast members. In concert with Disney’s Global Information Security group, the DSS team works on initiatives that prevent, detect, and respond to malicious activity. Risk and threat assessment, incident response, security architecture, vulnerability management, governance and compliance, security awareness and training, security operations, among many other efforts make up the information security program.

This is a key role within the Information Security department that will be focused on application security for our streaming media service and other supporting applications. The application security engineer will be a valued partner to development and engineering teams to ensure secure architectures, patterns, and solutions are created and maintained. Creation and execution of a training and awareness program for secure development and best practice is a key component of the role. This person will work closely with Disney’s application security team and will build a community of practice with developers within DSS to support effective communication and collaboration. This person will be the subject matter expert for secure code development and will work with various application engineering teams to develop alternatives for remediation of vulnerabilities.

Responsibilities :

  • Create and run secure code working group with liaisons from various application and services engineering teams

  • Run, maintain, and utilize security tools for the appsec program such as static and dynamic code analysis tools

  • Work with red teams and penetration testers to facilitate exercises and work with application engineering teams on remediation

  • Assist with code reviews

  • Review and contribute to application designs and solutions

  • Build and run secure code training and awareness program

  • Participate in information security operations duties, including occasional incident response escalations

  • Perform risk and threat assessments

Basic Qualifications :

  • Experience with application security

  • Experience in application development with at least one modern programming language

  • Knowledge of OWASP

  • Knowledge of DevOps and Agile methods

  • Experience performing code reviews and with associated applications such as static code analysis tools (Checkmarx, Vericode) in several languages

  • Knowledge of web application architectures

  • Knowledge of threat modeling

  • Knowledge of dynamic code scanners such as AppSec or Qualys.

  • 2+ years of relevant experience

Preferred Qualifications :

  • Media industry experience

  • Other security experience such as incident handling (from appsec perspective), architecture, operations, GRC, etc.

  • Cloud technology, specifically AWS

Required Education :

  • 4-year degree or work experience equivalent

  • CISSP, GIAC, or similar certification

Job ID: 612338BR

Location: San Francisco,California

Job Posting Company: The Walt Disney Company (Corporate)