Associate Security Engineer, Security Assurance

Disney•Orlando, FL

About The Position

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we're constantly looking for new ways to enhance these exciting experiences. The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence. The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to: Secure the Magic by protecting information systems and platforms. Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests. Strengthen the business through optimizing execution, application, and technology used to protect the Company. Innovate by investing in core capabilities to enhance operational efficiency. The Security Research and Testing (SRT) team specializes in simulating real-world cyberattacks to uncover vulnerabilities and evaluate the effectiveness of Disney Experiences (DX) and Disney Corporate (Corp) technology systems' security measures. By mimicking tactics used by malicious actors, the SRT team provides critical insights into potential weaknesses. They work closely with both technology and business teams across DX, Corporate and Enterprise technology teams to analyze findings, strengthen security policies, and recommend targeted improvements to address gaps in infrastructure, processes, and training, ensuring a robust and resilient security posture. As an Associate Security Engineer on the Security Research and Testing (SRT) team, you will support security testing activities across a wide range of technologies and environments. This entry‑level role offers structured, hands‑on learning opportunities where you will develop foundational adversarial testing skills, build knowledge of Disney systems, and assist in identifying vulnerabilities that impact high‑visibility guest and operational technologies. You will work closely with senior testers and engineers, following established procedures, asking clarifying questions, and applying conceptual knowledge to routine testing tasks. This role is ideal for early‑career professionals who are passionate about cybersecurity and ready to grow their skills within a collaborative team environment.

Requirements

Foundational understanding of IT and cybersecurity concepts, including firewalls, intrusion detection/prevention systems, anti-malware software, data encryption, VPNs, vulnerability scanners, server operating systems, and other industry-standard techniques and practices.
Familiarity with operating systems, networks, or basic security tools.
Ability to follow detailed procedures and established testing workflows.
Ability to follow detailed procedures and established testing workflows.
Strong problem‑solving mindset, with the ability to analyze standard information and apply judgment.
Clear communication skills and willingness to ask questions.
Curiosity, eagerness to learn, and commitment to growing technical expertise.
Understanding of adversarial techniques,
Ability to establish credibility and working relationships with a wide range of personnel, including operations, management and legal staff.
Experience with security testing tools.
Bachelor's degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience

Nice To Haves

Hands‑on practice in penetration testing labs, cybersecurity coursework, or competitions.
Experience with scripting or basic automation.
Foundational certifications (e.g., Security+, CEH, Google Cybersecurity, INE Security's Junior Penetration Tester certifications).

Responsibilities

Execute routine testing tasks under close guidance using established procedures and checklists.
Assist in structured security assessments to identify basic vulnerabilities and configuration issues.
Collect testing data, perform straightforward analysis, and document observations clearly.
Participate as a junior member in multi‑tester engagements, contributing to defined portions of the work.
Maintain accurate work logs, notes, and task status updates.
Assist in preparing sections of reports, including screenshots, data tables, and summary notes.
Follow standardized workflows to ensure repeatability and quality of testing activities.
Build foundational knowledge of Disney platforms, security controls, and testing methodologies.
Engage in continuous learning related to adversarial techniques, testing tools, and emerging technologies.
Learn how testing results are communicated to partners and gradually assist with basic explanations.
Exchange straightforward information with team members and ask questions to ensure understanding.
Attend team reviews and debriefs to observe how findings are framed for technical partners.
Build positive working relationships with peers and cross‑functional teams.