Job Description
This role helps protect Disney guests and the Disney brand from security incidents. They partner with product engineering teams to ensure that products are designed, built, and operated using security best practices. They influence and teach product engineering teams to take deep ownership of security in all aspects of their respective roles.
- Perform activities such as threat modeling, secure code reviews, security testing and vulnerability triage across various Disney Entertainment (DE) applications.
- Analyze DE's security posture, identify gaps, and work closely with cross-functional teams to implement controls and ensure strong operational security.
- Provide security guidance to application and service owners to remediate known security vulnerabilities.
- Improve upon and further integrate the Secure Development Lifecycle (SDLC) into product design and engineering efforts.
- Prepare and present reports and metrics to management and other stakeholders on DE's security posture, including trend analysis, KPIs, KRIs, and recommendations for improvements.
- The employee will work out of our ticketing system taking on tasks related to Product Security reviews and projects at Disney Entertainment. The employee is expected to prioritize multiple tasks independently, within the constraints of Program guidelines, processes and procedures.
- The employee will largely be self-directed working within guidelines, processes and procedures established by the Program Lead and Director of Product Security.
- The employee is expected to collaborate with other team members and calibrate the judgement and advice they give.
- In cases where a business risk exception is needed, the employee will escalate to her/his manager for guidance and visibility.
- The employee is expected to work independently, but also to seek clarification, support, and/or guidance from other staff or Leadership as needed.
Required Skills & Experience
- 0 to 2 years of relevant experience working within product/application security
- Solid knowledge of general security threats, attack vectors, and vulnerabilities
- Ability to break down and communicate technically complex security situations and impacts for a non-technical audience
- Proactive, organized, analytical, detail-oriented and persistent
- Demonstrated ability to work in a challenging, dynamic, and fast-paced environment with limited supervision.
- Strong sense of ethics and responsibility, in order to maintain the confidentiality and trust of the organization and its stakeholders
- Candidate should be able to succeed in both independent and collaborative work scenarios
Nice to Have Skills & Experience
- 1 to 3 years of relevant experience working within product/application security with prior development experience
- Strong knowledge of general security threats, attack vectors, and vulnerabilities.
- Proven experience with and in-depth knowledge of software development methodologies, CI/CD, and DevSecOps.
- Knowledge of automated attack tools and developing mitigation techniques.
- Knowledge of public cloud services (AWS, Azure, GCP, etc.)
- Understanding of infrastructure and application architecture with emphasis on security by design
- Demonstrated strong technical capability and experience across a broad range of technical disciplines.
- Solid experience using knowledge management tools and code repositories, including GitHub, GitLab, Jira, and Confluence
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.