Associate Security Specialist

3 days ago

Apply Now

Receive Emails with Similar Jobs

The Walt Disney Company

WebsiteLinkedInAll Job Openings

Entertainment • Technology • Media • Movies • Television

10,000+ employees

Founded 1923

📱 Media

💰 Post-IPO Debt on 2020-04

Description

• The Walt Disney Company is a world-class entertainment and technological leader. • Uniting each endeavor is a commitment to creating and delivering unforgettable experiences. • The main focus areas of this group are: Reduce the risk of both accidental and malicious data disclosure. • Identify, monitor, engage with complete inventory of information. • Establish appropriate policies and procedures to be followed. • Educate user community to minimize risk. • The Application Assurance team within GIS is responsible for penetration testing high impact applications. • Manage penetration testing requests via Jira by onboarding applications to the penetration testing team. • Conduct an onboarding call to collect penetration test requirements. • Coordinate and communicate remediation efforts with the penetration tester and the requester. • Regularly check in with multiple business units for ongoing penetration testing projects and status.

Requirements

• Understanding in web application security fundamentals - understanding the OWASP Top 10 vulnerabilities (e.g., SQL Injection, XSS, CSRF) and how these attacks are executed for identifying security flaws in web applications • Programming knowledge - familiarity with languages used in web development (e.g., HTML, JavaScript, PHP, Python) • Networking basics - knowledge of TCP/IP, HTTP/HTTPS, DNS, and other networking protocols • Operating systems - comfort with multiple OS environments (e.g., Linux, Windows) and commands used in pen testing, such as command-line tools for scanning, enumerating, and gaining access • Scripting - ability to write or modify scripts, usually in Python or Bash, to automate repetitive tasks and customize exploits • Must have ability to create risk and operational metrics from complex data • Expertise in data analysis for preparing and presenting reports for verbal and written presentations across teams • Familiarity with one of the frameworks such as NIST, PTES (Penetration Testing Execution Standard), OSSTMM (Open Source Security Testing Methodology Manual), etc. • Must understand of PCI requirements as it relates to pen testing.

Benefits

• A bonus and/or long-term incentive units may be provided as part of the compensation package, • Full range of medical, financial, and/or other benefits, • Dependent on the level and position offered.