Senior Security Engineer - Threat Detection

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to:

• Secure the Magic by protecting information systems and platforms.
• Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests.
• Strengthen the business through optimizing execution, application, and technology used to protect the Company.
• Innovate by investing in core capabilities to enhance operational efficiency.

Team Description:

We are seeking a skilled and experienced Senior Security Engineer with a specialization in Detection Engineering to join our GIS Anomaly Detection Team. In this role, you will be responsible for designing, developing, and maintaining detection mechanisms to identify anomalous and malicious activities within our environment. Your expertise in Splunk and detection content development will be instrumental in improving visibility and detecting threats before they can impact our systems and data. You will collaborate closely with security teams, stakeholders, and engineers to enhance our overall security posture through innovative detection strategies and continuous improvement.

Key Responsibilities:

• Detection Engineering: Lead and execute the development of advanced detection logic to identify potential security threats, vulnerabilities, and malicious activities within the enterprise environment. 
• Content Development: Design and implement detection rules, alerts, and dashboards in Splunk to enhance threat visibility and response capabilities. Optimize detection logic to minimize false positives and ensure actionable alerts. 
• Detection Use Case Development: Collaborate with stakeholders to build and refine detection use cases aligned with the threat landscape and organizational priorities. Leverage frameworks such as MITRE ATT&CK to create robust, behavior-based detections. 
• Threat Intelligence Integration: Partner with the Cyber Threat Intelligence (CTI) team to incorporate threat intelligence feeds, indicators, and TTPs into detection rules. Ensure detection content is adaptive to emerging threats. 
• Testing and Tuning: Perform continuous testing and tuning of detection content to ensure effectiveness, reliability, and performance. Collaborate with red team and threat hunting teams to validate detection coverage. 
• Automation: Partner with the SOAR team to develop and implement automated workflows and integrations that enhance the efficiency and scalability of detection processes. Collaborate to ensure seamless integration of detection logic with automation capabilities for improved threat response. 
• Collaboration: Work closely with security operations, threat hunting, and engineering teams to ensure seamless integration of detection capabilities. Share insights and contribute to a unified approach to threat detection and response. 
• Continuous Improvement: Stay current with emerging cybersecurity trends, detection methodologies, and tools. Proactively propose and implement improvements to detection capabilities and workflows. 
• Documentation and Reporting: Maintain thorough documentation of detection content, processes, and improvements. Support the Threat Detection Staff Lead in generating detailed reports and metrics for stakeholders to showcase detection program effectiveness.

Must Haves:

• 5+ years of experience with a focus on detection engineering, SIEM content development, or security operations.
• Experience working with large enterprises or cybersecurity firms.
• Solid understanding of cybersecurity frameworks and standards (e.g., MITRE ATT&CK, NIST).
• Proficiency in at least one scripting language (e.g., Python, PowerShell, Bash) for creating detection logic and automation.
• Extensive hands-on experience with Splunk, including developing and tuning detection rules, dashboards, and alerts.
• Experience in kill chain analysis, network traffic analysis, and advanced behavior-based detection logic.
• Familiarity with integrating threat intelligence into detection systems and processes.
• Effective communication skills for conveying detection logic, findings, and metrics to technical and non-technical stakeholders.
• Experience with detection automation and integration with SOAR platforms.
• Relevant certifications or equivalent training, such as Splunk Core Certified Power User, CISSP, or GIAC GCDA (GIAC Certified Detection Analyst).

Nice To Haves:

• Experience with advanced persistent threat (APT) investigations and understanding their TTPs.
• Hands-on experience in detection engineering for cloud environments (e.g., AWS, Azure, Google Cloud).
• Familiarity with red teaming operations and leveraging their outputs to improve detection capabilities.
• Expertise in searching and parsing various log/event types, such as Active Directory logs, network traffic, syslog, web server logs, and endpoint telemetry, to identify threats and anomalies.
• Ability to mentor junior team members in detection engineering practices and tools.
• Proven ability to present complex technical concepts and findings to executive leadership.
• Fundamental understanding of statistics or data science concepts (e.g., anomaly detection, trend analysis, clustering) to improve detection logic and threat analysis.

Education:

• Bachelor’s degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience

The hiring range for this remote position is $138,500 to $185,600 per year, which factors in various geographic regions. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.