Security Engineer - Security Architecture and Engineering

About The Position

Requirements

• 3+ years of experience in Security Architecture & Engineering, with demonstrated ability to design and evaluate secure solutions in complex enterprise environments.
• 3+ years of experience securing workloads and services in public cloud environments (e.g., AWS, Azure, Google Cloud Platform), including implementing native cloud security controls, identity and access management, and secure configuration of cloud services.
• Experience securing modern cloud-native architectures, including containers, serverless technologies, and infrastructure-as-code (IaC) environments.
• Proven ability to create conceptual, logical, and physical security architecture designs, with a strong understanding of system vulnerabilities, attack paths, and effective countermeasures.
• Experience designing and implementing security controls, including those for information protection, identity and access management (e.g., Kerberos, NTLM, Active Directory), and networking technologies (e.g., routing, switching, SDN, segmentation).
• Strong working knowledge of risk analysis methodologies, with the ability to assess risk and design compensating controls in complex, distributed environments.
• Experience applying threat modeling techniques (e.g., STRIDE, MITRE ATT&CK) to identify risks and inform secure architectural decisions.
• Experience integrating security into the software development lifecycle (SDLC), including CI/CD pipelines and secure-by-design practices.
• Familiarity with leading cybersecurity frameworks and methodologies, such as NIST 800-53, NIST 800-30, MITRE ATT&CK, STRIDE, and relevant regulatory or compliance programs (e.g., SOX, HIPAA, PCI DSS).
• Ability to make risk-based architectural decisions, balancing security, business requirements, cost, and operational constraints.
• Strong communication skills, with the ability to translate complex security risks into clear, actionable guidance for both technical and non-technical stakeholders.
• Exposure to emerging technologies and security challenges, such as AI/ML systems, Zero Trust Architecture, and evolving cloud security paradigms.

Nice To Haves

• Hands-on experience across multiple cybersecurity domains, with demonstrated depth in at least two of the following: Identity and Access Management (IAM), cloud and infrastructure security, network security, security operations, security assessment and testing, or secure software development (DevSecOps).
• Experience applying security architecture principles to real-world systems, including aligning security requirements with business objectives and technology strategies (e.g., familiarity with enterprise architecture concepts such as TOGAF or similar frameworks).
• Exposure to securing AI/ML systems or emerging technologies, including awareness of risks such as data leakage, model manipulation, or insecure integrations, and the ability to apply appropriate security controls.
• Relevant industry certifications, such as CISSP, CCSP, AWS Certified Solutions Architect (or Security Specialty), CISM, CRISC, CISA, or GIAC certifications.
• Experience with secure software development and DevSecOps practices, including integrating security into CI/CD pipelines, infrastructure-as-code (IaC), and automated testing or validation processes.
• Proficiency in scripting or programming languages (e.g., Python, Java, JavaScript, or similar) to support automation, security tooling, or data analysis.
• Experience evaluating or implementing modern cloud-native architectures, including containers, serverless platforms, and microservices.
• Demonstrated ability to contribute to cross-functional initiatives, working with engineering, architecture, and business teams to drive secure outcomes.

Responsibilities

• Design and drive secure architecture solutions that protect Disney’s global technology ecosystem, developing reference architectures and patterns that scale across applications, cloud platforms, and enterprise services.
• Lead and influence secure design decisions by partnering with engineers, architects, and business stakeholders to embed security early in the solution lifecycle using secure-by-design and secure-by-default principles.
• Evaluate emerging cybersecurity technologies through Disney’s Security Solution Review Process, conducting deep technical assessments and shaping enterprise adoption strategies for next-generation capabilities.
• Assess and secure AI/ML implementations across the enterprise, performing risk-based evaluations to identify threats such as model manipulation, data leakage, and adversarial attacks, and recommending practical mitigation strategies.
• Conduct advanced threat modeling and architecture risk assessments, leveraging internal incident data and external threat intelligence to proactively identify gaps and strengthen enterprise defenses.
• Identify capability gaps in existing security architectures and design forward-looking solutions that address evolving threats, including Zero Trust Architecture, cloud-native security, and distributed system protection.
• Develop and maintain enterprise security configuration standards, establishing secure baselines that enable consistent, scalable protection across infrastructure, platforms, and applications.
• Translate complex cybersecurity risks into clear, actionable guidance, enabling business and engineering teams to make informed, risk-based decisions that balance security, usability, and speed.
• Lead or contribute to high-impact security initiatives and strategic projects that reduce enterprise risk, improve security maturity, and enable innovation across Disney’s diverse business segments.
• Create and evolve reusable security artifacts such as reference architectures, control frameworks, and engineering patterns that drive consistency and efficiency across the organization.
• Collaborate across enterprise teams to track, prioritize, and remediate risks, ensuring alignment between security strategy, engineering execution, and business objectives.
• Support governance and compliance efforts by aligning solutions to industry frameworks (e.g., NIST, CIS, ISO 27001) while maintaining a strong focus on practical, risk-based implementation.
• Document and communicate security decisions, designs, and outcomes to enable transparency, auditability, and knowledge sharing across the enterprise.

Benefits

• A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.