Responsibilities:

Work with a larger Operational Technology Cybersecurity team at the Disneyland Resort to:

• Administer both individual and centrally managed instances of vulnerability scanners (Tenable Security Suite, Qualys, etc)

• Manage deployment strategies for both isolated and managed vulnerability scanners in new and legacy attractions

• Ensure adequate and proper response to discovered vulnerabilities in accordance with established and defined Security Policies

• Understand vulnerability data and ensure remediation deployment does not negatively impact an attraction

• Document risk through practical experience with vulnerability management and GRC tools including Archer

• Work with the deployment team to automatically detect and remediate discovered vulnerabilities (Chef/Puppet Configuration Management, etc.)

• Guide group policy, automated patch management and policy development

• Optimize security tool deployments and introduce scalable processes across Cybersecurity capabilities

• Partner with system engineering groups to maintain reliability and availability of our attractions

• Effectively communicate vulnerability and risk data to senior executives

Qualifications:

• Experience in a technical role supporting the detection, cataloging, remediation, and mitigation of vulnerabilities

• Security Vulnerability Scanning Tools (Tenable Nessus/Security Center/Tenable.OT, Qualys, etc.)

• Remediating or mitigating discovered vulnerabilities using tools such as, WSUS, Group Policy, and/or Chef

• Experience with both Windows and Linux Operating Environments

• Experience with Virtual Machine configuration

• Ability to work individually with minimal supervision and as an integral part of a team

• Ability to efficiently manage the resolution of computer and operational technology vulnerabilities with varying degrees of complexity

• Knowledge in network and system security procedures, best practices, and implementation & analysis of network documentation and diagramming

• Able to work non-traditional hours (occasional weekends, evenings, and holidays), in non-traditional settings. This can include backstage areas that could involve dark spaces, elevated walkways, and industrial environments

Preferred Qualifications:

• Prior experience in an entertainment venue or attractions/theme park industry

• Prior experience or a strong understanding of how to approach vulnerability remediation and mitigation within an Operational Technology environment

• Configuration Management Automation and/or scripting experience (Python/Bash)

Required Education:

• Bachelor’s degree in Cybersecurity, Computer Science, or related engineering field or related work experience

Preferred Education:

• One or more general security certifications including Security+, CySA+, CCNA Cyber Ops, AWS, GSEC, GICSP, CISSP, or other relevant certifications

• One or more vulnerability assessment or auditing certification including CISSA, CISM, GCCC, GSNA or other relevant certifications