Security Engineer - Security Architecture and Engineering
Company: The Walt Disney Company
Location: Burbank
Posted on: April 4, 2026
|
|
|
Job Description:
Job Posting Title: Security Engineer - Security Architecture and
Engineering Req ID: 10137015 Job Description: Department
Description: At Disney, we’re storytellers. We make the impossible,
possible. The Walt Disney Company (TWDC) is a world-class
entertainment and technological leader. Walt’s passion was to
continually envision new ways to move audiences around the world—a
passion that remains our touchstone in an enterprise that spans
theme parks and resorts, a cruise line, sports, news, movies, and a
variety of other businesses. Uniting each endeavor is a commitment
to creating and delivering unforgettable experiences — and we’re
constantly looking for new ways to enhance these exciting
experiences. The Enterprise Technology mission is to deliver
technology solutions that align with business strategies, enable
enterprise efficiency, and promote cross-company collaborative
innovation. Our group drives competitive advantage by enhancing our
consumer experiences, enabling business growth, and advancing
operational excellence. The Global Information Security (GIS)
organization strives to secure the magic by employing best-in-class
services to assess, prevent, detect, and respond to cyber threats
that present risk to The Walt Disney Company. We enable the
business by integrating enterprise and business segment-specific
supported services to create a robust, efficient, and adaptable
cybersecurity program. Our key objectives are to: Secure the magic
by protecting information systems and platforms. Reduce risk by
proactively assessing, preventing, and detecting threats to the
Company and our Guests. Strengthen the business through optimizing
execution, application, and technology used to protect the Company.
Innovate by investing in core capabilities to enhance security
posture and operational efficiency. Team Description: The GIS
Security Architecture and Engineering team is Disney’s trusted
authority in security architecture, solution engineering, and
secure product delivery. We provide innovative, standards-based
capabilities and exceptional services that evolve with our clients’
needs—ensuring protection, agility, and peace of mind across the
enterprise. We empower transformational innovation by designing and
implementing scalable security architectures and frameworks that
enhance resiliency, enable agility, and safeguard Disney’s global
technology ecosystem. Our work protects the integrity of Disney’s
storytelling, experiences, and operations—reducing risk, enabling
agility, and ensuring resilience in a rapidly evolving threat
landscape. What You’ll Do: The Security Engineer – Architecture &
Engineering will: Design and drive secure architecture solutions
that protect Disney’s global technology ecosystem, developing
reference architectures and patterns that scale across
applications, cloud platforms, and enterprise services. Lead and
influence secure design decisions by partnering with engineers,
architects, and business stakeholders to embed security early in
the solution lifecycle using secure-by-design and secure-by-default
principles. Evaluate emerging cybersecurity technologies through
Disney’s Security Solution Review Process, conducting deep
technical assessments and shaping enterprise adoption strategies
for next-generation capabilities. Assess and secure AI/ML
implementations across the enterprise, performing risk-based
evaluations to identify threats such as model manipulation, data
leakage, and adversarial attacks, and recommending practical
mitigation strategies. Conduct advanced threat modeling and
architecture risk assessments, leveraging internal incident data
and external threat intelligence to proactively identify gaps and
strengthen enterprise defenses. Identify capability gaps in
existing security architectures and design forward-looking
solutions that address evolving threats, including Zero Trust
Architecture, cloud-native security, and distributed system
protection. Develop and maintain enterprise security configuration
standards, establishing secure baselines that enable consistent,
scalable protection across infrastructure, platforms, and
applications. Translate complex cybersecurity risks into clear,
actionable guidance, enabling business and engineering teams to
make informed, risk-based decisions that balance security,
usability, and speed. Lead or contribute to high-impact security
initiatives and strategic projects that reduce enterprise risk,
improve security maturity, and enable innovation across Disney’s
diverse business segments. Create and evolve reusable security
artifacts such as reference architectures, control frameworks, and
engineering patterns that drive consistency and efficiency across
the organization. Collaborate across enterprise teams to track,
prioritize, and remediate risks, ensuring alignment between
security strategy, engineering execution, and business objectives.
Support governance and compliance efforts by aligning solutions to
industry frameworks (e.g., NIST, CIS, ISO 27001) while maintaining
a strong focus on practical, risk-based implementation. Document
and communicate security decisions, designs, and outcomes to enable
transparency, auditability, and knowledge sharing across the
enterprise. Required Qualifications & Skills: 3 years of experience
in Security Architecture & Engineering, with demonstrated ability
to design and evaluate secure solutions in complex enterprise
environments. 3 years of experience securing workloads and services
in public cloud environments (e.g., AWS, Azure, Google Cloud
Platform), including implementing native cloud security controls,
identity and access management, and secure configuration of cloud
services. Experience securing modern cloud-native architectures,
including containers, serverless technologies, and
infrastructure-as-code (IaC) environments. Proven ability to create
conceptual, logical, and physical security architecture designs,
with a strong understanding of system vulnerabilities, attack
paths, and effective countermeasures. Experience designing and
implementing security controls, including those for information
protection, identity and access management (e.g., Kerberos, NTLM,
Active Directory), and networking technologies (e.g., routing,
switching, SDN, segmentation). Strong working knowledge of risk
analysis methodologies, with the ability to assess risk and design
compensating controls in complex, distributed environments.
Experience applying threat modeling techniques (e.g., STRIDE, MITRE
ATT&CK) to identify risks and inform secure architectural
decisions. Experience integrating security into the software
development lifecycle (SDLC), including CI/CD pipelines and
secure-by-design practices. Familiarity with leading cybersecurity
frameworks and methodologies, such as NIST 800-53, NIST 800-30,
MITRE ATT&CK, STRIDE, and relevant regulatory or compliance
programs (e.g., SOX, HIPAA, PCI DSS). Ability to make risk-based
architectural decisions, balancing security, business requirements,
cost, and operational constraints. Strong communication skills,
with the ability to translate complex security risks into clear,
actionable guidance for both technical and non-technical
stakeholders. Exposure to emerging technologies and security
challenges, such as AI/ML systems, Zero Trust Architecture, and
evolving cloud security paradigms. Preferred Qualifications:
Hands-on experience across multiple cybersecurity domains, with
demonstrated depth in at least two of the following: Identity and
Access Management (IAM), cloud and infrastructure security, network
security, security operations, security assessment and testing, or
secure software development (DevSecOps). Experience applying
security architecture principles to real-world systems, including
aligning security requirements with business objectives and
technology strategies (e.g., familiarity with enterprise
architecture concepts such as TOGAF or similar frameworks).
Exposure to securing AI/ML systems or emerging technologies,
including awareness of risks such as data leakage, model
manipulation, or insecure integrations, and the ability to apply
appropriate security controls. Relevant industry certifications,
such as CISSP, CCSP, AWS Certified Solutions Architect (or Security
Specialty), CISM, CRISC, CISA, or GIAC certifications. Experience
with secure software development and DevSecOps practices, including
integrating security into CI/CD pipelines, infrastructure-as-code
(IaC), and automated testing or validation processes. Proficiency
in scripting or programming languages (e.g., Python, Java,
JavaScript, or similar) to support automation, security tooling, or
data analysis. Experience evaluating or implementing modern
cloud-native architectures, including containers, serverless
platforms, and microservices. Demonstrated ability to contribute to
cross-functional initiatives, working with engineering,
architecture, and business teams to drive secure outcomes. Required
Education: Bachelor’s degree in Computer Science, Information
Systems, Software, Electrical or Electronics Engineering, or
comparable field of study, and/or equivalent work experience
DISNEYTECH The hiring range for this position in Seattle, WA is
$112,000 - $150,100 per year and in Burbank, CA is $106,900 -
$143,300 per year. The base pay actually offered will take into
account internal equity and also may vary depending on the
candidate’s geographic region, job-related knowledge, skills, and
experience among other factors. A bonus and/or long-term incentive
units may be provided as part of the compensation package, in
addition to the full range of medical, financial, and/or other
benefits, dependent on the level and position offered. Job Posting
Segment: Enterprise Technology and Data Job Posting Primary
Business: Corporate Global Information Security Primary Job Posting
Category: Security Engineering Employment Type: Full time Primary
City, State, Region, Postal Code: Burbank, CA, USA Alternate City,
State, Region, Postal Code: USA - FL - Kirkman Point 1, USA - WA -
925 4th Ave Date Posted: 2025-11-26
Keywords: The Walt Disney Company, Redlands , Security Engineer - Security Architecture and Engineering, IT / Software / Systems , Burbank, California
