The Walt Disney Company
Security Specialist II - Vulnerability Management
The Walt Disney Company, Seattle, Washington, us, 98127
Overview
Security Specialist II – Vulnerability Management at The Walt Disney Company. The role focuses on leading enterprise vulnerability management processes with emphasis on automation, risk analysis, and stakeholder communication across business segments. Department Description: At Disney, we’re storytellers. We make the impossible, possible, and unite a range of businesses to deliver unforgettable experiences. The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and collaborative innovation. The Global Information Security (GIS) Organization secures the magic by assessing, preventing, detecting, and responding to cyber threats, enabling the business through integrated security services. Team Description: The Device Security Assurance (DSA) team helps secure Disney’s enterprise through vulnerability risk analysis, zero-day response, and coordination of risk reduction campaigns across Disney brands (including Disney+, Hulu, ESPN, ABC, Pixar, and more). DSA safeguards the digital infrastructure powering experiences for guests worldwide, balancing technical analysis with relationship-building to keep Disney safe. Responsibilities of Role
Lead enterprise vulnerability management processes with a focus on automation, risk analysis, and stakeholder communication across business segments. Provide 24/7 urgent security response as part of on-call rotation, leading rapid assessment and coordination of remediation efforts during critical security events and zero-day vulnerability discoveries. Develop and maintain automated solutions including scripts, tools, and processes to streamline vulnerability validation, prioritization, and remediation tracking. Conduct in-depth vulnerability research and risk assessment to evaluate real-world impact within Disney’s technology environments and business context. Perform advanced data analysis of vulnerability scanning outputs to identify trends, prioritize remediation efforts, and optimize resource allocation. Create and deliver reports translating technical vulnerability data into actionable insights for technical teams and executive stakeholders. Coordinate remediation campaigns across multiple asset owners, operating systems, applications, and business units, including patch management and off-cycle remediation. Serve as technical liaison between segment asset owners and Disney management for vulnerability reporting, exception requests, and risk acceptance decisions. Drive process improvements by identifying automation opportunities, establishing metrics, and implementing solutions to enhance vulnerability management operations. Collaborate with cross-functional teams to establish remediation expectations, provide process training, and ensure consistent vulnerability handling practices. Must Haves
Minimum 3+ years of experience in vulnerability management, threat assessment, or information security with demonstrated enterprise experience. Hands-on experience with enterprise vulnerability management platforms (Tenable, Qualys, Rapid7, Wiz, or similar) for scanning, assessment, and remediation tracking. Strong technical systems knowledge including infrastructure, operating systems, public cloud platforms (AWS, Azure, GCP), and application architectures to assess remediation impact and feasibility. Scripting and automation capabilities with proficiency in Python, PowerShell, Bash, or similar; ability to read, write, debug, and maintain code. Proven analytical and research skills to rapidly assess complex vulnerabilities across diverse technology stacks and translate findings into business risk context. Excellent written and verbal communication skills with experience creating technical documentation, security advisories, and executive-level reports. Experience working in high-pressure, time-sensitive environments with ability to prioritize and coordinate response during security incidents. Nice to Haves
Industry certifications such as CISSP, OSCP, GCIH, GIAC Security Essentials (GSEC), or equivalent. Experience with vulnerability management platforms and security orchestration tools. Previous experience in media, entertainment, or large enterprise environments. Familiarity with compliance frameworks (PCI-DSS, etc.). Education
Bachelor’s degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience. #DISNEYTECH The hiring range for this position in Seattle, WA is $109,500 - $146,800 per year and in Burbank, CA is $104,600 - $140,200 per year. The base pay offered will reflect internal equity and may vary based on geographic region, knowledge, skills, and experience. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to benefits.
#J-18808-Ljbffr
Security Specialist II – Vulnerability Management at The Walt Disney Company. The role focuses on leading enterprise vulnerability management processes with emphasis on automation, risk analysis, and stakeholder communication across business segments. Department Description: At Disney, we’re storytellers. We make the impossible, possible, and unite a range of businesses to deliver unforgettable experiences. The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and collaborative innovation. The Global Information Security (GIS) Organization secures the magic by assessing, preventing, detecting, and responding to cyber threats, enabling the business through integrated security services. Team Description: The Device Security Assurance (DSA) team helps secure Disney’s enterprise through vulnerability risk analysis, zero-day response, and coordination of risk reduction campaigns across Disney brands (including Disney+, Hulu, ESPN, ABC, Pixar, and more). DSA safeguards the digital infrastructure powering experiences for guests worldwide, balancing technical analysis with relationship-building to keep Disney safe. Responsibilities of Role
Lead enterprise vulnerability management processes with a focus on automation, risk analysis, and stakeholder communication across business segments. Provide 24/7 urgent security response as part of on-call rotation, leading rapid assessment and coordination of remediation efforts during critical security events and zero-day vulnerability discoveries. Develop and maintain automated solutions including scripts, tools, and processes to streamline vulnerability validation, prioritization, and remediation tracking. Conduct in-depth vulnerability research and risk assessment to evaluate real-world impact within Disney’s technology environments and business context. Perform advanced data analysis of vulnerability scanning outputs to identify trends, prioritize remediation efforts, and optimize resource allocation. Create and deliver reports translating technical vulnerability data into actionable insights for technical teams and executive stakeholders. Coordinate remediation campaigns across multiple asset owners, operating systems, applications, and business units, including patch management and off-cycle remediation. Serve as technical liaison between segment asset owners and Disney management for vulnerability reporting, exception requests, and risk acceptance decisions. Drive process improvements by identifying automation opportunities, establishing metrics, and implementing solutions to enhance vulnerability management operations. Collaborate with cross-functional teams to establish remediation expectations, provide process training, and ensure consistent vulnerability handling practices. Must Haves
Minimum 3+ years of experience in vulnerability management, threat assessment, or information security with demonstrated enterprise experience. Hands-on experience with enterprise vulnerability management platforms (Tenable, Qualys, Rapid7, Wiz, or similar) for scanning, assessment, and remediation tracking. Strong technical systems knowledge including infrastructure, operating systems, public cloud platforms (AWS, Azure, GCP), and application architectures to assess remediation impact and feasibility. Scripting and automation capabilities with proficiency in Python, PowerShell, Bash, or similar; ability to read, write, debug, and maintain code. Proven analytical and research skills to rapidly assess complex vulnerabilities across diverse technology stacks and translate findings into business risk context. Excellent written and verbal communication skills with experience creating technical documentation, security advisories, and executive-level reports. Experience working in high-pressure, time-sensitive environments with ability to prioritize and coordinate response during security incidents. Nice to Haves
Industry certifications such as CISSP, OSCP, GCIH, GIAC Security Essentials (GSEC), or equivalent. Experience with vulnerability management platforms and security orchestration tools. Previous experience in media, entertainment, or large enterprise environments. Familiarity with compliance frameworks (PCI-DSS, etc.). Education
Bachelor’s degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience. #DISNEYTECH The hiring range for this position in Seattle, WA is $109,500 - $146,800 per year and in Burbank, CA is $104,600 - $140,200 per year. The base pay offered will reflect internal equity and may vary based on geographic region, knowledge, skills, and experience. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to benefits.
#J-18808-Ljbffr