Sr Cybersecurity Tech Spec
Job ID: 10037032
Location (city): Lake Buena Vista, Florida, United States
Location (country): Disney Parks, Experiences and Products
Posted: 2023/02/28
Job Description:
The Attractions Operational Technology (AOT) Cybersecurity team at Walt Disney World Resort in Orlando, Florida, is responsible for the security and reliability of the control networks that run our rides and shows. These are in the form of ride controls, show controls, animated figure controls, lighting controls, audio controls, projection, video, and interactive controls. Our work frequently brings us into the parks and behind the scenes as we build out secure networks and manage connectivity for all the hardware and software responsible for the guest experiences. We have an immense social circle of interaction: our closest partners are those in Disney Enterprise Technology, Disney Global InfoSec, Walt Disney Imagineering, Sustaining Engineering and all the Controls Engineering teams. This team is the global leader for Attractions-based OT Cybersecurity. Our offices are located inside a park berm and therefore we get to see and hear guest excitement on a daily basis.
Primary Responsibilities:
- Utilize Threat Intelligence and Threat Models to create threat hypotheses and then plan and implement verification
- Manage and analyze event data (millions+ events/day) provided by existing logging infrastructure
- Identify anomalies and take steps to validate whether or not they are a true threat
- Proactively and iteratively search through systems and networks to detect advanced threats
- Prepare and report risk analysis and threat findings to appropriate stakeholders
- Partner with our SIEM developer to build threat hunting detections and dashboards
- Partner with our SOAR developer to enrich the data and automate the response and acknowledgement
- Find misconfigurations through inspection of data and then lead correction efforts to increase reliability of our rides and shows
- Drive improved automation detections for system alarms – and then help trigger response
- Develop intuitive dashboards that show cyber health of each of our attractions
- Manage tools and data that detect network changes
- Coordinate with different teams to improve threat detection and response, and improve the overall security posture of the environment
- Manage and triage security incidents, perform analysis, and perform initial investigations
- Keep up to date with cyber threats and security technologies
- Review and analyze data from a variety of cyber defense tools, including network traffic logs, intrusion detection or prevention system alerts, firewall or system logs, and open-source information to identify threat activity
- Due to the onsite nature and scope of work, this role is onsite 4 days a week, plus a 5th flex work day that may be from home
Basic Qualifications:
- Intermediate understanding of Ethernet networking technology.
- Experience in a cyber data analyst role or equivalent, 5+ years.
- Elastic Stack (preferred) or Splunk SIEM experience.
- Knowledge of “Blue Team” role and responsibilities
- Understanding and ability to discuss the difference between information technology and operational technology.
- Experience parsing and working with aggregated log indexes.
- Experience building detections from published IOCs.
Preferred Qualifications:
- Security Operations Center team experience.
- Operational Technology (industrial control system) experience.
- SOAR experience.
- Experience building integrations using APIs between tools like messaging apps and Active Directory.
- Understanding of VMware-related technologies including vSphere, vCenter and ESXi.
- Understanding of Active Directory structure including group policy, users, groups.
- Intermediate knowledge of a programming language such as Python.
- Membership in industry-related knowledge-sharing organizations.
Required Education:
- BS in Comp Sci, Cybersecurity, IT or related field.
- One or more general security certifications.
Preferred Education:
- MS in Comp Sci, Cybersecurity, IT or related field.
- One or more SIEM, SOAR, or incident handling certifications.
The hiring range for this position in Florida is $107,256.00-$143,880.00 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.
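About Disney Parks, Experiences and Products:
The Disney Parks, Experiences and Products segment operates globally as a business that brings Disney's stories, characters and franchises to life through theme parks and resorts, experiences such as cruises and vacations, and all kinds of products including toys, apparel, books and games.
About The Walt Disney Company:
The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise. Its principal business segments are Disney Entertainment, ESPN, and Disney Parks, Experiences and Products. Having started as a small animation studio in the 1920s, Disney has become a preeminent name in today's entertainment industry. Disney will continue to create works that deliver world-class stories and experiences to every member of the family. Disney's stories, characters and experiences reach consumers and guests in every part of the world. In more than 40 countries, our employees and cast members work together to create entertainment experiences that are welcomed both globally and locally.
This position is with Disney Parks, Experiences and Products, which is one of the business units known as Walt Disney Parks and Resorts U.S., Inc.
Walt Disney Parks and Resorts U.S., Inc. is an equal opportunity employer. Applicants are considered without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, or protected veteran status. Disney fosters a business culture in which the ideas and decisions of all people are respected, so that the company can grow, innovate, create the best stories, and respond to a rapidly changing world.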