Job Description

Job Summary:

Our charter is to provide a world-class product that weaves our culture of safety into the guest experience. To this end, this position requires a unique blend of creativity, technical mastery, collaboration, and a clear understanding of the direction to design solutions to complex problems as a member of Disneyland Resort’s Global Engineering and Technology group. The successful candidate will come to the table with a good measure of technical experience, a strong educational background, and an ardent drive for continuous self-improvement. This position is for a Cybersecurity engineer or technical specialist who is also proficient in cybersecurity skills as detailed below. The primary tasks of this position will be to assess cybersecurity control implementations in Disneyland’s existing and incoming control systems against company and attractions policy.

Responsibilities:

Work with a larger Cyber Security Team at the Disneyland Resort to:

Develop, lead and support complex risk assessments and compliance reviews using Disney corporate and attractions security policy guidelines as well as leading frameworks (e.g., ISO, COBIT, NIST, etc.) at the process, application, system, and network environment level
Provide subject matter expertise in all aspects of risk management (primarily risk assessments) to effectively communicate risk to key stake holders
Maintain risk register, develop relevant metrics and reports around assessment outcomes, risk levels, observations, findings, remediation progress and/or efforts
Ensure emerging risks are identified and escalated appropriately and in a timely manner
Help ensure that stakeholders are aligned to policy, standards, procedures, etc.
Deconflict policies from multiple authorities to define a minimum vulnerability standard
Understand vulnerability data and test effectiveness in OT environments
Document risk through practical experience with GRC tools including Archer
Communicate vulnerability mitigating enhancements to endpoint security solution team
Optimize security tool deployments and introduce scalable processes across Cyber Security capabilities
Specify, design and build network security devices and other cyber components into industrial control systems and networks
Troubleshoot, maintain, and document the same
Help translate industry best practices into Disney policies
Stay current on industry trends and technological advances

Basic Qualifications:

>5 years of experience in a technical role in support of detecting and cataloging risk to complex networked systems
Practical experience with one or more:
Perform network penetration, application, wireless network, and control implementation assessments
Create testing scenarios that validate or invalidate threats to OT systems to provide enriched threat analysis
Utilize Security Vulnerability Scanning Tools (Tenable Nessus/Security Center/Tenable.OT)
Operate Metasploit, Burp Suite, CrackMapExec, Nmap, and other assessment tools
Develop comprehensive and accurate reports and presentations for both technical and executive audiences
Utilize automation and scripting tools or an understanding of programming language
Ability to work individually with minimal supervision and as an integral part of a team
Proficient in all forms of communication—especially when conveying technical details to a non-technical audience
Communicates using collaborative tools including Microsoft Teams, Slack, Jira, and Gitlab effectively
Knowledgeable in network and system security procedures, best practices, and implementation of network documentation and diagramming
Able to work non-traditional hours, in non-traditional settings
This includes occasional weekends, evenings, and holidays or in backstage areas that could include dark spaces, elevated walkways, and industrial environments

Preferred Qualifications:

Prior experience in an entertainment?venue?or?attractions/theme park?industry
Prior experience or a strong understanding of how to approach?network security?within an?OT/ICS?environment

Required Education

BA/BS degree in Computer Science, Cybersecurity, related Software?or Electrical?Engineering field or equivalent work experience
One or more general security certifications including Security+, CySA+, CASP+, GSEC, CISSP, or other relevant certifications

Preferred Education

MS?degree in Computer Science, Cybersecurity, related Software?or Electrical?Engineering field or equivalent work experience
One or more vulnerability assessment or auditing certification including CISSA, CEH, CISM, GPEN, GCCC, GSNA, OSCP or other relevant certifications