The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.
In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:
- Analysis of known and emerging threats to determine risks against TWDC assets
- Creation, maintenance, governance and communication of security policies and standards across TWDC
- Assessment and audit of compliance against the security policies and standards
- Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria
We look to add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, are passionate about information security, and love their work.
The Senior Security Specialist will focus on the Vulnerability Management Platform, ensuring that vulnerability scanning is done in the most expedient and efficient manner that is non-disruptive to business operations worldwide, and that monitoring, detection and alerting keep pace with the continuously evolving cyber security landscape. In addition to oversight of the vulnerability management platform, the Sr. Security Specialist will also oversee and drive the network enumeration program.
- Subject Matter Expert for the Vulnerability Management and Network Enumeration Platforms
- Partner with service provider to ensure proper support and maintenance of the Vulnerability Management platform
- Technically advance, support and maintain the Enumeration Platform
- Ensure best practices for development and tuning of vulnerability scanning across the Enterprise environment
- Partner with and lead the Managed Security Services provider to ensure software currency across the vulnerability management platform. Monitor to ensure they are providing excellent Vulnerability Scans throughout all of The Walt Disney Company
- Effectively communicate ideas in verbal, written, and visual forms.
- Assist with financial planning for security projects, maintenance and some cost analysis along with operations and risk metric development and analysis.
- Mentor and coach junior members of the Security Operations team in best practices and risk versus reward analysis and decisions
- Ensure all operational processes are documented, exercised and continually improved.
- Participation in regular on-call rotation with other members of the Security Operations team.
- Minimum 5-7 years of security operations experience in large global organizations with a focus on management of security tools and technology platforms.
- At least 5 years of IT experience in three or more areas (i.e. infrastructure, network, Client Server, application, desktop OS)
- At least 3 years of experience operating a vulnerability scanning tool (Qualys, Tenable, Nexpose, Retina, etc.)
- 5+ years’ experience operating a vulnerability scanning tool (Qualys, Tenable, Nexpose, Retina, etc.)
- Expert level of experience supporting a Vulnerability Management platform across a large enterprise with awareness of potential scanning impacts
- Experience in information management and information technology security design and implementation.
- Candidates should have experience working with multiple teams and organizations, translating security and vulnerability requirements into terms both leaders and technical implementers can use.
- Demonstrated experience with security event logs from various Operating Systems and appliances
- Strong understanding of CVSS Scoring and Risk Management
- Demonstrated experience in creating conceptual, logical and physical security diagrams. Thorough understanding of vulnerabilities and countermeasures.
- Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc.)
- Experience with APIs, SQL
- Detailed understanding of TCP/IP and related communication protocols, Windows authentication mechanisms (Kerberos, NTLM, AD), networking technologies, routing and switching, and risk analysis and risk management methodologies.
- Able to manage vendor interactions, driving feature requests, corrective action and root cause analysis.
- Knowledge of multiple vulnerability management platforms such as Qualys, Tenable.IO, Tenable.SC
Licenses / Training
- Prefer one of the following general certifications: CISSP/GIAC/CASP/C|EH/C|CISO/CISM or equivalent
- Prefer an application-specific certification: Qualys Certifications, Tenable Certifications
BA/BS in business or Computer Science or appropriate work experience
Master's or other advanced degree preferred