Director of Engineering, Security in charge of Nexxen's security program and governance. Leading secure practices and collaborating with executives to ensure risk reduction and compliance.
TC
Hybrid Security Engineer – Security Architecture, Engineering
Posted 3 days ago
About the role
- Security Engineer designing and implementing secure architecture solutions for Disney's global technology ecosystem. Collaborating with teams to assess threats and secure AI/ML implementations and technologies.
Responsibilities
- Design and drive secure architecture solutions that protect Disney’s global technology ecosystem, developing reference architectures and patterns that scale across applications, cloud platforms, and enterprise services
- Lead and influence secure design decisions by partnering with engineers, architects, and business stakeholders to embed security early in the solution lifecycle using secure-by-design and secure-by-default principles
- Evaluate emerging cybersecurity technologies through Disney’s Security Solution Review Process, conducting deep technical assessments and shaping enterprise adoption strategies for next-generation capabilities
- Assess and secure AI/ML implementations across the enterprise, performing risk-based evaluations to identify threats such as model manipulation, data leakage, and adversarial attacks, and recommending practical mitigation strategies
- Conduct advanced threat modeling and architecture risk assessments, leveraging internal incident data and external threat intelligence to proactively identify gaps and strengthen enterprise defenses
- Identify capability gaps in existing security architectures and design forward-looking solutions that address evolving threats, including Zero Trust Architecture, cloud-native security, and distributed system protection
- Develop and maintain enterprise security configuration standards, establishing secure baselines that enable consistent, scalable protection across infrastructure, platforms, and applications
- Translate complex cybersecurity risks into clear, actionable guidance, enabling business and engineering teams to make informed, risk-based decisions that balance security, usability, and speed
- Lead or contribute to high-impact security initiatives and strategic projects that reduce enterprise risk, improve security maturity, and enable innovation across Disney’s diverse business segments
- Create and evolve reusable security artifacts such as reference architectures, control frameworks, and engineering patterns that drive consistency and efficiency across the organization
- Collaborate across enterprise teams to track, prioritize, and remediate risks, ensuring alignment between security strategy, engineering execution, and business objectives
- Support governance and compliance efforts by aligning solutions to industry frameworks (e.g., NIST, CIS, ISO 27001) while maintaining a strong focus on practical, risk-based implementation
- Document and communicate security decisions, designs, and outcomes to enable transparency, auditability, and knowledge sharing across the enterprise.
Requirements
- 3+ years of experience in Security Architecture & Engineering, with demonstrated ability to design and evaluate secure solutions in complex enterprise environments
- 3+ years of experience securing workloads and services in public cloud environments (e.g., AWS, Azure, Google Cloud Platform), including implementing native cloud security controls, identity and access management, and secure configuration of cloud services
- Experience securing modern cloud-native architectures, including containers, serverless technologies, and infrastructure-as-code (IaC) environments
- Proven ability to create conceptual, logical, and physical security architecture designs, with a strong understanding of system vulnerabilities, attack paths, and effective countermeasures
- Experience designing and implementing security controls, including those for information protection, identity and access management (e.g., Kerberos, NTLM, Active Directory), and networking technologies (e.g., routing, switching, SDN, segmentation)
- Strong working knowledge of risk analysis methodologies, with the ability to assess risk and design compensating controls in complex, distributed environments
- Experience applying threat modeling techniques (e.g., STRIDE, MITRE ATT&CK) to identify risks and inform secure architectural decisions
- Experience integrating security into the software development lifecycle (SDLC), including CI/CD pipelines and secure-by-design practices
- Familiarity with leading cybersecurity frameworks and methodologies, such as NIST 800-53, NIST 800-30, MITRE ATT&CK, STRIDE, and relevant regulatory or compliance programs (e.g., SOX, HIPAA, PCI DSS)
- Ability to make risk-based architectural decisions, balancing security, business requirements, cost, and operational constraints
- Strong communication skills, with the ability to translate complex security risks into clear, actionable guidance for both technical and non-technical stakeholders
- Exposure to emerging technologies and security challenges, such as AI/ML systems, Zero Trust Architecture, and evolving cloud security paradigms.
Benefits
- A bonus and/or long-term incentive units may be provided as part of the compensation package
- Full range of medical, financial, and/or other benefits
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Health and Safety Manager designing and implementing safety measures in occupational health. Collaborating with organizational areas to manage risk factors and ensure workplace safety.
Lead Security Engineer at US Mobile building systems for the 21st century with a focus on fraud prevention and security integration across SDLC.
Business Development Representative at xorlab driving proactive lead generation in cybersecurity market. Collaborating closely with sales and marketing team to optimize lead development processes.
Cyber Security Architect responsible for IT security compliance and cyber - risk management at a Swiss utility firm. Engaging with cross - functional teams to implement 'Secure - by - design' strategies.
Information Security Officer ensuring cybersecurity at an IT service provider for food and beverage sector. Developing strategies and overseeing security protocols while reporting to management.
Head of Information Security at Aurora shaping security strategy and governance in a software - focused global business. Leading security efforts to ensure resilience and compliance across operations.
Senior Security Engineer specializing in penetration testing and security strategies for fintech. Collaborating with teams to enhance security for AI applications and financial systems.
Principal Cyber Security Engineer for Identity Access Management at MSK managing identity solutions and advanced identity platforms. Partnering with stakeholders to align identity strategy and lead IAM initiatives.
Join The Missing Link as a Security Engineer, leveraging 3 - 4 years of IT Security experience. Lead projects in a collaborative environment with a focus on innovation and impact.