Security Engineer - Security Architecture and Engineering

Security Engineer - Security Architecture and Engineering

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt's passion was to continually envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that spans theme parks and resorts, a cruise line, sports, news, movies, and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences—and we're constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technology solutions that align with business strategies, enable enterprise efficiency, and promote cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to:

• Secure the magic by protecting information systems and platforms.
• Reduce risk by proactively assessing, preventing, and detecting threats to the Company and our Guests.
• Strengthen the business through optimizing execution, application, and technology used to protect the Company.
• Innovate by investing in core capabilities to enhance security posture and operational efficiency.

The GIS Security Architecture and Engineering team is Disney's trusted authority in security architecture, solution engineering, and secure product delivery. We provide innovative, standards-based capabilities and exceptional services that evolve with our clients' needs—ensuring protection, agility, and peace of mind across the enterprise. We empower transformational innovation by designing and implementing scalable security architectures and frameworks that enhance resiliency, enable agility, and safeguard Disney's global technology ecosystem.

Our work protects the integrity of Disney's storytelling, experiences, and operations—reducing risk, enabling agility, and ensuring resilience in a rapidly evolving threat landscape.

What You'll Do:

This role will be on-site at least 4 days per week for teamwork and collaboration!

The Security Engineer – Architecture & Engineering will:

• Design and drive secure architecture solutions that protect Disney's global technology ecosystem, developing reference architectures and patterns that scale across applications, cloud platforms, and enterprise services.
• Lead and influence secure design decisions by partnering with engineers, architects, and business stakeholders to embed security early in the solution lifecycle using secure-by-design and secure-by-default principles.
• Evaluate emerging cybersecurity technologies through Disney's Security Solution Review Process, conducting deep technical assessments and shaping enterprise adoption strategies for next-generation capabilities.
• Assess and secure AI/ML implementations across the enterprise, performing risk-based evaluations to identify threats such as model manipulation, data leakage, and adversarial attacks, and recommending practical mitigation strategies.
• Conduct advanced threat modeling and architecture risk assessments, leveraging internal incident data and external threat intelligence to proactively identify gaps and strengthen enterprise defenses.
• Identify capability gaps in existing security architectures and design forward-looking solutions that address evolving threats, including Zero Trust Architecture, cloud-native security, and distributed system protection.
• Develop and maintain enterprise security configuration standards, establishing secure baselines that enable consistent, scalable protection across infrastructure, platforms, and applications.
• Translate complex cybersecurity risks into clear, actionable guidance, enabling business and engineering teams to make informed, risk-based decisions that balance security, usability, and speed.
• Lead or contribute to high-impact security initiatives and strategic projects that reduce enterprise risk, improve security maturity, and enable innovation across Disney's diverse business segments.
• Create and evolve reusable security artifacts such as reference architectures, control frameworks, and engineering patterns that drive consistency and efficiency across the organization.
• Collaborate across enterprise teams to track, prioritize, and remediate risks, ensuring alignment between security strategy, engineering execution, and business objectives.
• Support governance and compliance efforts by aligning solutions to industry frameworks (e.g., NIST, CIS, ISO 27001) while maintaining a strong focus on practical, risk-based implementation.
• Document and communicate security decisions, designs, and outcomes to enable transparency, auditability, and knowledge sharing across the enterprise.

Required Qualifications & Skills:

• 3+ years of experience in Security Architecture & Engineering, with demonstrated ability to design and evaluate secure solutions in complex enterprise environments.
• 3+ years of experience securing workloads and services in public cloud environments (e.g., AWS, Azure, Google Cloud Platform), including implementing native cloud security controls, identity and access management, and secure configuration of cloud services.
• Experience securing modern cloud-native architectures, including containers, serverless technologies, and infrastructure-as-code (IaC) environments.
• Proven ability to create conceptual, logical, and physical security architecture designs, with a strong understanding of system vulnerabilities, attack paths, and effective countermeasures.
• Experience designing and implementing security controls, including those for information protection, identity and access management (e.g., Kerberos, NTLM, Active Directory), and networking technologies (e.g., routing, switching, SDN, segmentation).
• Strong working knowledge of risk analysis methodologies, with the ability to assess risk and design compensating controls in complex, distributed environments.
• Experience applying threat modeling techniques (e.g., STRIDE, MITRE ATT&CK) to identify risks and inform secure architectural decisions.
• Experience integrating security into the software development lifecycle (SDLC), including CI/CD pipelines and secure-by-design practices.
• Familiarity with leading cybersecurity frameworks and methodologies, such as NIST 800-53, NIST 800-30, MITRE ATT&CK, STRIDE, and relevant regulatory or compliance programs (e.g., SOX, HIPAA, PCI DSS).
• Ability to make risk-based architectural decisions, balancing security, business requirements, cost, and operational constraints.
• Strong communication skills, with the ability to translate complex security risks into clear, actionable guidance for both technical and non-technical stakeholders.
• Exposure to emerging technologies and security challenges, such as AI/ML systems, Zero Trust Architecture, and evolving cloud security paradigms.

Preferred Qualifications:

• Hands-on experience across multiple cybersecurity domains, with demonstrated depth in at least two of the following: Identity and Access Management (IAM), cloud and infrastructure security, network security, security operations, security assessment and testing, or secure software development (DevSecOps).
• Experience applying security architecture principles to real-world systems, including aligning security requirements with business objectives and technology strategies (e.g., familiarity with enterprise architecture concepts such as TOGAF or similar frameworks).
• Exposure to securing AI/ML systems or emerging technologies, including awareness of risks such as data leakage, model manipulation, or insecure integrations, and the ability to apply appropriate security controls.
• Relevant industry certifications, such as CISSP, CCSP, AWS Certified Solutions Architect (or Security Specialty), CISM, CRISC, CISA, or GIAC certifications.
• Experience with secure software development and DevSecOps practices, including integrating security into CI/CD pipelines, infrastructure-as-code (IaC), and automated testing or validation processes.
• Proficiency in scripting or programming languages (e.g., Python, Java, JavaScript, or similar) to support automation, security tooling, or data analysis.
• Experience evaluating or implementing modern cloud-native architectures, including containers, serverless platforms, and microservices.
• Demonstrated ability to contribute to cross-functional initiatives, working with engineering, architecture, and business teams to drive secure outcomes.

Required Education:

• Bachelor's degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience

The hiring range for this position in Seattle, WA is $112,000 - $150,100 per year, in Orlando, FL is $101,800 - $136,500, and in Burbank, CA is $106,900 - $143,300 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in