Job Description
*Provides situation-based support, using in-depth knowledge of industry technology, controls, and policies to ensure system designs align with Disney security requirements and industry best practices.
*Creates, reviews, and presents security architecture reviews and cybersecurity risk assessments to the team (peers), executive leadership, and customers.
*Executes advanced risk and threat analysis activities, leveraging learnings from external and internal cyber trends and incidents.
*Develops and documents technical solutions that meet specifications and impact future developments (e.g., process flows, requirements documents, data flows, mapping to controls).
*Identifies, selects, develops, and documents architecture artifacts (reference architectures, standards, policies, reusable designs, best practices).
*Researches, learns, and evaluates new technologies.
*Leads discussions, assessments, tracking, and overall reporting of technology security risks.
*Documents issues, solutions, and status of assigned work.
*Understands business drivers and processes to evaluate risk and recommend solutions with a balanced result.
*Promotes awareness of applicable security policies and standards.
*Assists with the maintenance of metrics and scorecards in support of the information security program.
Required Skills & Experience
*5-8 years of experience in Information Technology and/or information technology/cyber security and/or cyber risk management.
*5 years of experience with 3 or more of the following areas: Security and risk management, asset security, security architecture and engineering, communications and network security, identity and access management, security assessment and testing, security operations, and software development security.
*1-3 years of practical cloud information security experience with a preference to have experience with major cloud service providers (e.g., Amazon Web Services (AWS), Microsoft Azure, Google Cloud, etc.).
*Demonstrated experience in creating conceptual, logical, and physical security diagrams, with a thorough understanding of vulnerabilities and countermeasures.
*Maintains a strong familiarity with information security compliance programs and regulations.
*Detailed understanding of identity, access, and authentication mechanisms (Kerberos, NTLM, AD), networking technologies, software-defined computing, containerization, routing and switching, big data, elastic compute, and risk analysis and risk management methodologies.
*Experience in information management, protection, and security control design and implementation.
*Familiarity with a broad range of cybersecurity frameworks and threat modeling concepts such as STRIDE, MITRE ATT&CK, and NIST publications (particularly 800-53 and 800-30).
Nice to Have Skills & Experience
*Two or more senior Information Security or cloud certifications (e.g., CISSP, CCSP, GIAC, Security+, AWS Certified Public Cloud Architect, MCSE cloud, VMware VCP6 cloud, EMCCA cloud computing Architect)
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.