Sr Cybersecurity Technical Specialist

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies, and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance and protect these exciting experiences. 
 

The Attractions Operational Technology (AOT) Cybersecurity team provides services and solutions to secure and enhance the reliability of the computer and control networks on which the rides and shows run in our theme parks.  This is done through risk evaluation, collaboration, standardization, enforcement, and education across the business segment.  Our team has efforts engaged in both the new themed attractions as well as our legacy attractions.  Our processes are divided amongst design and architecture, monitoring and logging, and vulnerability management.  
 

We are looking for a team member with a passion for security in an operational technology setting.  The successful candidate will demonstrate a friendly, collaborative approach to applying their skills – both through requesting and offering feedback to the team members that surround them. 

The AOT Cybersecurity team partners with many other divisions to design, build and integrate cybersecurity solutions that proactively protect Disney assets, systems, data, and guests in our parks. 
 

What You Will Do: 

The Sr Cybersecurity Technical Specialist – Vuln Mgmt is responsible for developing the strategic advancement and operational excellence of the AOT Cyber team vulnerability management toolsets and processes, including but not limited to: 

• Understanding the operational technology (OT) sensitivities to change and explain a strategic approach for addressing vulnerabilities discovered therein. 

• Leading the requirements gathering conversations internally and with partner teams while creating a strategic proposal for implementation of a software patch tooling solution.  

• Managing the vendor interaction through all phases of POC, acceptance testing, deployment, and enrollment of endpoints. 

• Responsibility for the reliability of the underlying vuln mgmt server architecture and related configurations. 

• Ability to partner with and integrate vuln mgmt solutions with existing virtualization, IAM, logging and monitoring toolsets. 

• Creating a strategy for recurring automated patching of both windows and linux endpoints. 

• Communicating with and build consensus with system owners throughout the onboarding phase of their endpoints into the vuln mgmt solution. 

• Leading development of intra-team vuln mgmt solutions which may include technologies including automation, digital assignment, tracking and notification activities. 

• Developing a consistent risk-based approach for rating vulnerabilities in the Disney parks OT networks while considering all contextual factors. 

• Providing subject matter expert guidance to domestic Disney parks attractions OT cyber teams as well as international site teams. 

• Continuous creation of documentation that captures the technical details of the vuln mgmt process flows in order to ensure consistent, repeatable results regardless of the operator. 

• Leading the efforts of team technical specialists in a manner that prioritizes their focus as they perform the field work to bring endpoints into cyber compliance. 
   

Required Qualifications & Skills: 

• Minimum 5+ years of experience in a technology organization, with at least 3 years of information security experience supporting a moderate to large, federated organization. 

• Strong analytical skills: ability to analyze, interpret, recommend, and communicate solutions to vulnerability patching related projects and objectives. 

• Ability to multi-task, manage, prioritize, and organize one’s own time while delivering accurately, on-time, and with attention to detail. 

• Ability to understand and articulate complex business issues in a clear, concise, and easily consumable format. 

• Ability to develop strong and effective working relationships. 

• Able to problem solve and perform necessary research to identify relevant solutions. 
   

Required Education: 

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Software Engineering, or comparable field of study - or substantial relevant professional experience. 
   

Preferred Qualifications: 

• Vulnerability Mgmt or Patching related product certification, SANS GIAC or Infosec certifications such as GIAC GSEC, GICSP, GCIP, or GRID. 

• Experience building or supporting information systems in an Operational Technology environment (utility, manufacturing, transportation, medical, or themed entertainment).