Studio Cybersecurity Risk Analyst
The Walt Disney Company (Corporate)
Contract
Glendale, CA
Job description
NOTE: Hybrid schedule with up to 2 days in the office per week. Hours would be 7:00am-4:00pm CST but could be flexible.
Job Summary
· We are looking for a motivated and detail-oriented Junior Application Security Engineer to join our global application security team.
· In this entry-level role, you will primarily focus on onboarding security tooling, maintaining documentation, and supporting developers in integrating security into the development process.
· In addition, you will support operations from a vulnerability management perspective. This is an excellent opportunity to grow your career in the application security field while working in a collaborative and supportive environment.
Key Responsibilities
1. Onboarding Security Tooling:
· Assist in the deployment and configuration of application security tools, including SAST, DAST, SCA, and other related technologies.
· Collaborate with development teams to integrate security tools into CI/CD pipelines.
· Ensure new teams and projects are successfully onboarded to security tools and processes.
2. Documentation and Knowledge Sharing:
· Create and maintain documentation, including onboarding guides, troubleshooting steps, and FAQs for security tooling.
· Develop training materials and how-to guides to empower developers to use security tools effectively.
3. Developer Support:
· Serve as the first point of contact for developer questions related to security tooling and practices.
· Provide guidance on using security tools and interpreting findings.
· Support developers in onboarding, addressing and remediating vulnerabilities identified by security tools.
4. Continuous Improvement:
· Identify common issues and recommend process or tool improvements to enhance efficiency.
· Stay current on application security tools and practices to bring fresh ideas to the team.
Detailed description of Activities
Integration and onboarding Support (this is a huge part of the work!):
· Maintain a list of onboarded development organizations and update it as new orgs are onboarded (we received the list from the CCP team)
· Help orgs with how to integrate (simple instructions; the information needs to be shared with them)
· Support developers with IDE plugins for Checkmarx (share with developers the Checkmarx docs on IDE plugin integration and how to use the plugins effectively)
Developer Onboarding and Support
· Create and maintain developer onboarding documentation
· Share documents with onboarding and integration information with new developers
· Provide first-level support for developers using Checkmarx (facilitate support with the Checkmarx support team)
· Create and update coding standards documentation with security best practices (as provided by Checkmarx)
Checkmarx Administration
· Set up and manage user accounts and access permissions in Checkmarx (when needed)
· Create and maintain project configurations
· Configure scan presets per the instructions provided
· Generate and distribute security reports to development teams
Vulnerability Management
· Track remediation progress and follow up with development teams
· Maintain vulnerability metrics, prepare status reports, and share them with lead developers
Process Improvement
· Document common security issues and create preferred remediation approaches (based on documentation)
· Help maintain and update security requirements in development workflows
· Collect feedback from developers when contacted through the Teams channel
Documentation and Knowledge Management
· Maintain internal knowledge base of security issues and solutions
· Document common Checkmarx findings and remediation strategies (as provided by Checkmarx)
· Create and update security checklists for different application types
Experience:
· Entry level; someone who is trainable, with 1 to 2 years of experience in IT, development, DevOps, or a related technical role (internship or academic experience will also be considered).
· Candidates need some foundational IT skills with a passion for security. This role will be more operational in nature, such as setting up users and coordinating activities.
· *Must complete background check and drug test.