Principal Security Engineer - Security Assurance

Job Posting Title:

Principal Security Engineer - Security Assurance

Req ID:

10124988

Job Description:

Who We Are:

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to:

• Secure the Magic by protecting information systems and platforms.

• Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests.

• Strengthen the business through optimizing execution, application, and technology used to protect the Company.

• Innovate by investing in core capabilities to enhance operational efficiency.

Team Description:

The Security Research and Testing (SRT) team specializes in simulating real-world cyberattacks to uncover vulnerabilities and evaluate the effectiveness of Disney Experiences (DX) and Disney Corporate (Corp) technology systems' security measures. By mimicking tactics used by malicious actors, the SRT team provides critical insights into potential weaknesses. They work closely with both technology and business teams across DX, Corporate and Enterprise technology teams to analyze findings, strengthen security policies, and recommend targeted improvements to address gaps in infrastructure, processes, and training, ensuring a robust and resilient security

posture.

What You Will Do:

We are hiring!  We need a Principal Security Engineer – Security Assurance to join our Global Information Security - Security Research & Testing (SRT) Team (Corporate & Disney Experiences).

You will architect and guide complex testing efforts, including adversarial simulation, deep penetration testing, and research into nebulous technology areas such as AI/ML. Beyond identifying vulnerabilities, you influence broader threat response through proactive risk modeling, technical innovation, and long-term vision. As a recognized authority in security testing, the Principal Staff Engineer sets strategic team direction, mentors across disciplines, and partners with senior stakeholders to align security strategy with business goals. You will bridge research, engineering, and execution—delivering scalable outcomes that strengthen Disney’s security posture.

Responsibilities:

• Drive the strategic vision for security testing in emerging or undefined areas.

• Tackle nebulous testing domains—new technologies, evolving threat models, early-stage initiatives.

• Design and define large-scale test engagements.

• Develop reusable frameworks or "canned" tests to be operationalized by the right-side team.

• Act as a thought partner in research and innovation, shaping long-term team capabilities.

• Lead the discovery and development of uncertain or vaguely defined projects and cybersecurity testing initiatives, bringing structure, direction, and measurable impact to emerging problem spaces.

• Lead strategic efforts to identify gaps, define new areas of focus, and push the boundaries of traditional security testing methodologies.

• Guide and mentor cross-functional teams, including software engineers, system administrators, and infrastructure specialists on the design and implementation of forward-leaning security solutions.

• Identify opportunities to streamline and automate security processes while ensuring scalability, resilience, and efficiency in operations.

Must Have:

• 10+ years of relevant IT experience in the field of Red Team Testing, Penetration Testing, Cyber Adversarial Simulations/Testing, Secure Software Development or equivalent.

• Certification: OffSec OSWE or equivalent.

• Expert understanding of general information security principles, practices, and procedures.

• Understanding of automation and scripting of applications and systems.

• Expert understanding of cloud computing (AWS, Azure, GCP) from both operational and response perspectives.

• Must be open to a flexible work schedule: both standard and non-standard hours, as well as domestic and international travel.

• Experience with running large-scale cyber testing engagements and projects with limited oversight and in a collaborative team environment.

Education:

• Bachelor’s degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience

#DISNEYTECH

Job Posting Segment:

Enterprise Technology

Job Posting Primary Business:

Corporate Global Information Security

Primary Job Posting Category:

Security Engineering

Employment Type:

Full time

Primary City, State, Region, Postal Code:

Orlando, FL, USA

Alternate City, State, Region, Postal Code:

Date Posted:

2025-06-27