The Walt Disney Company
Senior Security Engineer, Red Team Operator
Who We Are
At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance these exciting experiences.
The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.
The Global Information Security (GIS) group provides services to protect the value and use of Disney's information through collaboration, standardization, enforcement, and education across The Walt Disney Company. The main focus areas of this group are:
- Reduce the risk of both accidental and malicious data disclosure
- Identify, monitor, engage with complete inventory of information
- Establish appropriate policies and procedures to be followed
- Educate user community to minimize risk
Team Description
The GIS Red Team performs real world threat emulation with the continual goals of improving organizational readiness, providing advanced simulation for defensive teams, and assessing current control performance for critical TWDC assets. The goal of the Red Team is to continually drive prioritized improvements across TWDC enhancing the cyber security posture of the organization as well as that provide the most accurate insight into the effectiveness of cyber security controls intended to protect TWDC's most valuable assets.
What You Will Do
We Are Hiring! We need a Senior Security Engineer, Red Team Operations to join out Team!
The Senior Security Engineer, Red Team Operations role is responsible for executing simulated cyberattacks as a member of a team, providing subject matter expertise and guidance to junior team members. This role will focus on identifying potential weaknesses and gaps in TWDC systems, network, and applications leveraging offensive security tools and techniques. In this role, you will also collaborate with team members outside of the Red Team to continuously strengthen TWDC's overall security posture.
Responsibilities include:
- Red Team Operations: Participate in all phases of RTO execution life cycle: (recon, initial access, lateral movement/privilege escalation, scenario objective, exfiltration).
- Offensive Security Tools & Techniques: Leverage a variety of offensive security tools, including but not limited to Metasploit, Cobalt Strike, and custom scripts.
- Documentation & Reporting: Create and maintain documentation of attack methodologies, findings, and vulnerabilities identified during operations.
- Continuous Improvement: Participate in post-engagement reviews to identify lessons learned, contribute to refining attack techniques and defensive strategies, and stay up to date with emerging threats, tools, and attack methodologies to enhance the team's capabilities.
Must Have
- 5+ years of experience in a Red Team/Penetration Testing activities
- Experience with web application and network penetration testing
- Experience working with assessments tools/frameworks like Burp, Nessus, Metasploit, Mimikatz, and Cobalt Strike
- Experience customizing/developing in-house scripts and tooling
- Experience working with scripting and development languages like Bash, Powershell, Python, Perl, Ruby, PHP, C/C++,C#, and Java
- In-depth knowledge of operating systems (Unix/Linux, Windows, and Mac)
- In-depth knowledge of networking protocols and systems administration
- One or more of the following certifications:
- OSCP - Offensive Security Certified Professional
- GPEN - GIAC Penetration Tester
- GIAC - GIAC Web Application Penetration Tester
Education
- Bachelor's degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience
#DISNEYTECH
The hiring range for this position in Burbank, California is $126,400.00-$169,500.00 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.
Top Skills
The Walt Disney Company San Francisco, California, USA Office
The Bay Area is center stage for Disney Pixar, Lucasfilm Ltd. and more. Our technologists are in the heart of Silicon Valley and spearheading our movies, shows and more that are out of this world.
Similar Jobs at The Walt Disney Company
What you need to know about the San Francisco Tech Scene
Key Facts About San Francisco Tech
- Number of Tech Workers: 365,500; 13.9% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Google, Apple, Salesforce, Meta
- Key Industries: Artificial intelligence, cloud computing, fintech, consumer technology, software
- Funding Landscape: $50.5 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Sequoia Capital, Andreessen Horowitz, Bessemer Venture Partners, Greylock Partners, Khosla Ventures, Kleiner Perkins
- Research Centers and Universities: Stanford University; University of California, Berkeley; University of San Francisco; Santa Clara University; Ames Research Center; Center for AI Safety; California Institute for Regenerative Medicine
