Reference # : 18-22183 Title : Senior Software Engineer
Location : Seattle, WA
Experience Level : Start Date : 04/16/2018  
Description/Comment: The Software and Solutions Architecture team within the Enterprise Technology division is currently seeking a Security Software Engineer. This position is responsible for developing and integrating the appropriate tools and business practices for reducing risks and improving security for digital software systems developed & released by the Engineering Services group. These software systems span consumer and business facing applications within The Walt Disney Company and are leveraged throughout numerous businesses (ESPN, ABC, Parks & Resorts, Disney Consumer Products & Interactive Media, etc.).
The security software engineer will partner across all Engineering Services' teams and the Global Information Security (GIS) team within Disney to address security compliance requirements while reducing software development costs and risks. Job duties will include software development and integration of application security tools within the build and delivery pipeline, progressing towards a Secure Software Development Life Cycle.
Responsibilities (what they'll be working on)
• Develop reference implementation of security libraries.
• Collaborate with security/software architect to design and develop automated security scanning with continuous software build and deployment systems.
• Implement proof of concept projects to evaluate security scanning tools.
Basic Qualifications Required Qualifications
• 3 or more years of industry experience in designing, implementing, and supporting software applications and services.
• Solid software engineering and software development lifecycle (SDLC) fundamentals. Prior experience with Secure SDLC is desired.
• Solid understanding of and experience with HTTP, RESTful APIs, JSON, XML; experience with WebSocket is a plus.
• Experience integrating with static and dynamic security analyzers.
• Solid understanding of and experience with continuous integration and delivery/deployment platforms.
• Experience developing software in Java and interfacing with web services.
• Experience with one or more scripting languages for automation, such as Python, Bash, Ruby, Node.js.
• Ability to articulate technical details clearly through written documentation and interpersonal interactions.
Preferred Qualifications Optional Qualifications (like to have)
• Familiarity with application security vulnerabilities such as OWASP Top 10 web application vulnerabilities or CWE/SANS Top 25 application errors preferred.
• Experience in Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) such as Snyk, WebInspect, OWASP ZAP, or equivalent is a plus.
• Experience with containers like Docker to spin up ephemeral environments.
• Experience with developing and deploying to the cloud platforms.
• Bachelor's degree in Computer Science or Computer Engineering.
Required Education BA/BS degree or equivalent experience
Additional Information We are building a secure development lifecycle for EAS. What that entails is integrating the build and deployment pipeline to incorporate app security scanning tools. So for example, when source code is tracked into our repository, a build process will be kicked off, and during that time a tool can be scanning those source files for vulnerabilities. In addition, if encrypted credentials or bad code is written in a non-secure fashion, we want to catch those issues early, before we build and deploy the application into the environment. For post deployment, we would scan an application for vulnerabilities.

This person will be working with the manager to design and develop the integration with various development platforms that EAS supports. We are currently using Jenkins, GitLab CI, Distelli and potentially AWS CodePipeline, but we are not there yet. Most of our applications are Java based: building and deploying Java applications. For example, our immediate need is to build out a dynamic scanning tool. We will be scanning the application during run time, when an app is being deployed, and scanning for vulnerabilities. So far we have a proof of concept implemented, and we need to take that to the next level and make sure it is production ready. Then eventually we want it to work for any platform. Right now we are on Jenkins, but we want to have the ability to run on any platform.

Skills MATRIX: Column 1: Requirement; Column 2: # of Years; Column 3: WHERE in the resume to find it.

REQUIREMENTS ARE AS FOLLOWS:
1. Building and deploying Java applications using Maven and deploying on GitLab, Distelli or Jenkins;
2. Integration technology stack is scripting; nice to have Python, Ruby or Bash;
3. HTTP experience;
4. REST APIs;
5. JSON;
6. Git.

Please include this at the top of all submissions.