Staff Reliability Engineer (Lucasfilm) - Cybersecurity

We are defenders of the magic, waging an epic battle to safeguard our franchises, protect our people, and ensure the world’s most admired entertainment company is not impacted by cybersecurity threats. This position builds and operates systems that provide stay-secure capabilities to our Studio customers. We are partners in protecting Disney’s highly respected portfolio including Marvel Studios, Pixar Animation Studios, Lucasfilm, Disney Live Action Films, Walt Disney Animation Studios, Searchlight Pictures, and 20th Century Studios.

To exceed the expectations of our dedicated, creative partners, we need highly motivated, customer-focused professionals who are passionate about finding new ways to deliver world-class cybersecurity capabilities. As a Staff Reliability Engineer - Cybersecurity (CRE), you will be responsible for integrating security practices into our workflow to ensure the continuous delivery of secure and reliable software/hardware solutions. You will work closely with development, operations, and security teams to identify potential vulnerabilities, implement security measures, and automate security processes. Your role is crucial in encouraging a secure DevOps culture, improving the organization's security posture, and maintaining compliance with relevant regulations and standard methodologies.

Areas of Responsibilities:

• Design and implement security practices, tools, and automation into the team pipelines, ensuring that security is a fundamental aspect of the software development lifecycle as well as hardware configuration, security maintenance, and lifecycle.
• Secure Infrastructure: Partner with various team members and engineers to design, implement, and maintain secure infrastructure configurations for cloud platforms and on-premises environments. security standard methodologies to servers, networks, and other critical infrastructure components.
• Continuous Security Monitoring: As a member of the Lucasfilm team, partner with the Walt Disney Company Global Information Security team to ensure security monitoring tools and processes to detect security incidents, anomalies, and potential threats in real time are efficiently in place.
• Security Testing Automation: Collaborate with other Lucasfilm / ILM teams to develop and maintain security testing scripts, including static code analysis, multifaceted application security testing (DAST), and container security scanning.
• Vulnerability Management: Identify, track, and prioritize security vulnerabilities in software components, libraries, and infrastructure. Collaborate with development and operations teams to remediate identified issues promptly.
• Secure CI/CD Pipeline: Work with the Lucasfilm / ILM development community on best practices to secure and optimize the continuous integration and continuous delivery (CI/CD) pipelines, including code scanning, automated testing, and deployment security.
• Threat Intelligence: Stay up to date with the latest security threats, vulnerabilities, and industry trends. Leverage threat intelligence to proactively improve security measures.
• Security Awareness: Promote security awareness and training across the organization, educating teams about phishing awareness, security patching, secure coding, configuration management, and other security-related topics.
• Cloud Security: Implement security controls and standard processes for cloud services and platforms, such as AWS, Azure, or GCP.
• Automation: Develop and maintain security automation scripts and tools to streamline security processes and reduce manual intervention.
• Teamwork: Collaborate effectively with multi-functional teams to ensure cybersecurity requirements are considered.

Basic Qualifications

• 7+ years of proven experience working in a technical, hands-on, cybersecurity role.
• Experience with programming or scripting languages - i.e PowerShell, Python, C#, VB, VBA, Ruby, NodeJS, SQL, etc.
• CLOUD SECURITY: Experience in securing cloud platforms and services (e.g., AWS, Azure, GCP) and implementing cloud security standards.
• AUTOMATION TOOLS: Experience with automation tools and frameworks to simplify security procedures (e.g. Ansible, HashiCorp, SCCM, JAMF, Tanium).
• DEVOPS EXPERTISE: Strong understanding of DevOps principles, CI/CD pipelines, and configuration management tools (e.g., Jenkins, Git, Kubernetes)
• SECURITY KNOWLEDGE: In-depth knowledge of information security principles, standards, and industry frameworks (e.g., OWASP, NIST, CIS, MPAA)

Preferred Qualifications

• Comfortable translating from cyber jargon into compelling stories on business value, customer benefits, cybersecurity value, and technical risk management.
• Ability to handle time optimally, prioritize workloads, and adjust based on production needs.
• Customer empathy to understand our business drivers. Deeply curious to discover sophisticated solutions for cyber defense capabilities including threat and vulnerability management, event monitoring, and incident response.

Education

• Bachelor’s degree in Computer Science, Computer Engineering, or related technical field, and/or equivalent work experience, or significant experience and progress towards professional credentials.
• Current security-related certifications (e.g., CISSP, SANS GIAC, etc.)
• Cloud security certifications (AWS, Azure, GCP, CCSP).

#DISNEYTECH

The hiring range for this position in San Fracisco, CA is $148,994 to $199,870 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.