Associate Security Engineer, Security Assurance

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses.

Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross‑company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

• Secure the Magic by protecting information systems and platforms.
• Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests.
• Strengthen the business through optimizing execution, application, and technology used to protect the Company.
• Innovate by investing in core capabilities to enhance operational efficiency.

The Security Research and Testing (SRT) team specializes in simulating real‑world cyberattacks to uncover vulnerabilities and evaluate the effectiveness of Disney Experiences (DX) and Disney Corporate (Corp) technology systems’ security measures. By mimicking tactics used by malicious actors, the SRT team provides critical insights into potential weaknesses. They work closely with both technology and business teams across DX, Corporate and Enterprise technology teams to analyze findings, strengthen security policies, and recommend targeted improvements to address gaps in infrastructure, processes, and training, ensuring a robust and resilient security posture.

As an Associate Security Engineer on the Security Research and Testing (SRT) team, you will support security testing activities across a wide range of technologies and environments. This entry‑level role offers structured, hands‑on learning opportunities where you will develop foundational adversarial testing skills, build knowledge of Disney systems, and assist in identifying vulnerabilities that impact high‑visibility guest and operational technologies.

You will work closely with senior testers and engineers, following established procedures, asking clarifying questions, and applying conceptual knowledge to routine testing tasks. This role is ideal for early‑career professionals who are passionate about cybersecurity and ready to grow their skills within a collaborative team environment.

• Execute routine testing tasks under close guidance using established procedures and checklists.
• Assist in structured security assessments to identify basic vulnerabilities and configuration issues.
• Collect testing data, perform straightforward analysis, and document observations clearly.
• Participate as a junior member in multi‑tester engagements, contributing to defined portions of the work.
• Maintain accurate work logs, notes, and task status updates.
• Assist in preparing sections of reports, including screenshots, data tables, and summary notes.
• Follow standardized workflows to ensure repeatability and quality of testing activities.
• Build foundational knowledge of Disney platforms, security controls, and testing methodologies.
• Engage in continuous learning related to adversarial techniques, testing tools, and emerging technologies.
• Learn how testing results are communicated to partners and gradually assist with basic explanations.
• Exchange straightforward information with team members and ask questions to ensure understanding.
• Attend team reviews and debriefs to observe how findings are framed for technical partners.
• Build positive working relationships with peers and cross‑functional teams.

• Foundational understanding of IT and cybersecurity concepts, including firewalls, intrusion detection/prevention systems, anti‑malware software, data…