The Walt Disney Company Security Application Specialist in San Francisco, California
Disney Streaming Services Information Security team’s mission is to protect services, data, and technology assets of the organization, partners, and cast members. In concert with Disney’s Global Information Security group, the DSS team works on initiatives that prevent, detect, and respond to malicious activity. Risk and threat assessment, incident response, security architecture, vulnerability management, governance and compliance, security awareness and training, security operations, among many other efforts make up the information security program.
This is a key role within the Information Security department that will be focused on application security for our streaming media service and other supporting applications. The application security engineer will be a valued partner to development and engineering teams to ensure secure architectures, patterns, and solutions are created and maintained. Creation and execution of a training and awareness program for secure development and best practice is a key component of the role. This person will work closely with Disney’s application security team and will build a community of practice with developers within DSS to support effective communication and collaboration. This person will be the subject matter expert for secure code development and will work with various application engineering teams to develop alternatives for remediation of vulnerabilities.
Create and run secure code working group with liaisons from various application and services engineering teams
Run, maintain, and utilize security tools for the appsec program such as static and dynamic code analysis tools
Work with red teams and penetration testers to facilitate exercises and work with application engineering teams on remediation
Assist with code reviews
Review and contribute to application designs and solutions
Build and run secure code training and awareness program
Participate in information security operations duties, including occasional incident response escalations
Perform risk and threat assessments
Basic Qualifications :
Experience with application security
Experience in application development with at least one modern programming language
Knowledge of OWASP
Knowledge of DevOps and Agile methods
Experience performing code reviews and with associated applications such as static code analysis tools (Checkmarx, Vericode) in several languages
Knowledge of web application architectures
Knowledge of threat modeling
Knowledge of dynamic code scanners such as AppSec or Qualys.
2+ years of relevant experience
Preferred Qualifications :
Media industry experience
Other security experience such as incident handling (from appsec perspective), architecture, operations, GRC, etc.
Cloud technology, specifically AWS
Required Education :
4-year degree or work experience equivalent
CISSP, GIAC, or similar certification
Job ID: 612338BR
Location: San Francisco,California
Job Posting Company: The Walt Disney Company (Corporate)