Build Your Career in Cybersecurity -
YOUR WAY

Carpenter Technology Corporation is a leading producer and distributor of premium specialty alloys, including titanium alloys, nickel and cobalt based superalloys, stainless steels, alloy steels and tool steels.  Carpenter Technology’s high-performance materials and advanced process solutions are an integral part of critical applications used within the aerospace, transportation, medical and energy markets, among other markets.  Building on its history of innovation, Carpenter Technology’s wrought and powder technology capabilities support a range of next-generation products and manufacturing techniques, including novel magnetic materials and additive manufacturing.

​

ANALYST IV - CYBERSECURITY

• Performs and guides IT teams with Identity and Access Management (IAM) duties including user account provisioning, password vaulting, periodic access review, and encryption key management.
• Performs advanced cyber-threat analysis, initial risk assessment, and forensic examination.
• Collaborates with Cybersecurity and IT teams to keep cybersecurity infrastructure in ready state. Administers security infrastructure including intrusion detection, data loss prevention, anti-virus, network and web application firewalls, VPN, web access filters, and encryption.
• Creates/updates standard operating procedures and as-built documentation. Routinely publish performance metrics.
• Evaluates key security intelligence feeds, assesses risk, and recommends actions for security control improvements.
• Guides design of technical and procedural security controls.
• Provides security and compliance guidance for IT projects intended to enable or advance business initiatives.
• Steers IT and Business teams with secure integration of Cloud and Third-party Applications.
• Advises IT teams regarding patch notifications, initial risk assessment, eligible systems, and deployment requirements.
• Performs vulnerability assessments including network scans (e.g., Qualys, Rapid 7, etc.) and application security testing (e.g., HP Fortify, IBM AppScan, etc.).
• Performs periodic penetration testing (Ethical Hacking) and consults management on risk treatment plans.
• Guides employees with security policy (e.g., password complexity, encryption settings, etc.) and advances cybersecurity awareness campaigns (e.g, Phishing email simulations).
• Routinely publishes Governance, Risk, and Compliance (GRC) metrics.
• Examines design and operational effectiveness of security controls. Coordinates audit engagements led by Internal Audit, Regulator, or external audit firm.
• Performs assessment of internal and third-party cybersecurity risk. Examines audit reports (e.g., SOC 1, SOC 2, ISO 27001, etc). Prepares responses to customer inquiries about Carpenter compliance related to IT and Security.
• Perform all other duties and special projects as assigned.

Required Qualifications:

• Bachelor of Science degree in computer science or related field.
• Security certifications such as CISSP, CISA, CISM, CCSP, GCIH, GCIA, GSEC and CEH.
• Minimum 7 years of related experience with Access Management, Security Operations, Network Security, Vulnerability Management, Compliance, or Audit.
• Expert understanding of information technology.
• Expert knowledge of multiple security domains and common security controls.
• Expert knowledge of 3-6 security domains.
• Familiarity with common hacking techniques (e.g., malware, phishing, etc.) and effective counter measures.
• Adoption of security best practices and industry standards (e.g. NIST, ISO, CIS, COBIT, OWASP, etc.).
• Hands-on operation of cybersecurity infrastructure (e.g., Firewalls, Intrusion Detection, AV, PKI, Encryption, etc.) and configuration experience.
• Security Incident Response handling.
• Malware analysis experience.
• Multi-task and manage demands of multiple projects, incidents, and tasks.
• Meet deadlines and manage changing priorities.
• Perform effectively both independently and in a team environment.
• Security Initiative Project Management.
• Strong collaboration skills and comfortable working in a team environment.
• Manage stressful situations associated with cyber-attack.
• Influence fellow technical staff regarding security, compliance, and risk.
• Identifies opportunities for improvement and makes constructive suggestions for change.
• Perform research and communicating findings to technical and non-technical audience.

Carpenter Technology Company offers a competitive salary and a comprehensive benefits package including life, medical, dental, vision, flexible spending accounts, disability coverage, 401k with company contributions as well as many other options to employees.

​

Carpenter Technology Corporation’s policy is to fully and effectively maintain a program of equal employment opportunity and nondiscrimination for all employees, to employ affirmative action for all protected classes, and to recruit and develop the best qualified persons available regardless of age, race, color, religion, sex, gender identity, sexual orientation, marital status, national origin, political affiliation or any other characteristic protected by law. The Company also will recruit, develop and provide opportunities for qualified persons with disabilities and protected veterans.

Summary Information about the Role

Job Posting Title:

Manager, Studios Cybersecurity Risk and Product Security

​

Req ID:

10113234

​

Primary Job Posting Category:

Security Operations

​

Employment Type:

Full time

​

Primary City, State, Region, Postal Code:

Glendale, CA, USA

​

Alternate City, State, Region, Postal Code:

DNU_USA - NY - ESPN Zone New York

​

Date Posted:

2025-03-10

​

Company Overview

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.

​

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

​

The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to:

• Secure the Magic by protecting information systems and platforms.
• Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests.
• Strengthen the business through optimizing execution, application, and technology used to protect the Company.
• Innovate by investing in core capabilities to enhance operational efficiency.

​

We are defenders of the magic, waging an epic battle to safeguard our franchises, protect our people, and ensure the world’s most admired entertainment company is not disrupted by cybersecurity threats. We are partners in protecting Disney’s highly respected portfolio including Marvel Studios, Pixar Animation Studios, Lucasfilm, Disney Live Action Films, Walt Disney Animation Studios, Searchlight Pictures, and 20th Century Studios.

​

The Studios Cybersecurity team are seeking a Manager, Studios Cybersecurity Risk and Product Security, who will be an exceptional addition to our team. As a Manager, Studios Cybersecurity Risk and Product Security, you will be responsible for identifying, assessing, and mitigating potential security threats by developing and implementing comprehensive security strategies, policies, and procedures, ensuring the protection of sensitive data, systems, and infrastructure. This is a technical role with a focus on Cyber Risk Management and assessment over the technologies we support. This role will work closely with the Studios Cybersecurity team, Content Security, and application developers, engineering partners on key initiatives to meet Risk and Compliance requirements over TWDC Information Security Policies, Content Protection standards, Security Configuration Standards, and applicable regulatory requirements. This role will be partnering with the Cybersecurity service owners, Engineering, Application Developers, infrastructure teams, TWDC Global Information Security, and various Studio partners through control assessments, solutions architect, remediation requirements, risk management, and interfacing with the key stakeholders to mature our overall security posture.

• Conduct regular risk assessments to identify potential security threats and vulnerabilities across all organizational systems and operations.
• Develop, implement, and oversee remediation processes to address issues identified via application assessments, audit assessments, key financial application reviews, access control reviews, internal or external audits and/or other assessments.
• Assess the security posture of third-party vendors and manage security risks associated with outsourced services.
• Assist in development of monthly Compliance communications in conjunction with end-user training.
• Ensure adherence to relevant security regulations, TWDC information security policies, security configuration standards, and compliance standards.
• Provide performance reporting related to risk and internal controls effectiveness to key stakeholders.
• Influence prioritization to efficiently and effectively reduce or mitigate security risks timely.
• Provide support for continuous improvement initiatives to mitigate/manage risks while reducing overall compliance costs.
• Partner with functional business areas to analyze and determine the effect to internal control systems for new information technology implementations and proposed process improvement changes.
• Develop and maintain a comprehensive plan to monitor remediation and risk mitigation projects and scope changes, prioritization of scope components.
• Manage, and mature the risk appetite framework for the organization and associated lines of business.
• Be a key partner and contributor to the implementation of enterprise technology and tools, such as a GRC, to support the effective and efficient execution of risk management processes, including automation of processes, where possible.
• You will lead and direct teams of professionals with diverse skills and backgrounds by providing constructive on-the-job feedback/coaching.

Experience and Education

• 8 years of applied work experience in cybersecurity programs, audits, assessments, risk, remediation, or cybersecurity compliance
• Bachelor’s degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience
• Relevant security certifications (e.g., CISSP, CISA, CISM)
• Deep understanding of cybersecurity principles and best practices
• Expertise in risk assessment methodologies and frameworks (e.g., NIST RMF)
• Knowledge of security best practices over public cloud such as AWS, Azure and GCP.
• Proven ability to analyze and assess complicated application architectures and workflows to identify risk.
• Familiarity with identity and access management integrations such as Active Directory, Okta, Auth0, SAML, OIDC).
• Knowledge of RESTful web services (client–server application).
• Familiarity with CI/CD principals, tools and services.
• Experience with one or more programming or scripting languages – i.e PowerShell, Python, C#, VB, VBA, Ruby, NodeJS, SQL, etc
• Strong analytical and problem-solving skills
• Excellent communication and presentation skills to convey complex security concepts to non-technical audiences
• Experience with security tools and technologies (e.g., firewalls, intrusion detection/prevention systems, SIEM)
• History of on-time, on-budget delivery of strategic deliverables
• Highly organized and efficient. Proven ability to manage multiple projects at a given time

The hiring range for this position in CA is $138,900 to $186,200 per year. The hiring range for this position in NY and WA is $145,400 to $195,000 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.

​

#DISNEYTECH

​

#LI-AF2

Summary

This is a hybrid position with occasional visits to client site in Washington, D.C.

​

AT&T Global Public Sector is a trusted provider of secure, IP enabled, cloud-based, network solutions and professional services to the Federal Government. We are dedicated to recruiting, developing and empowering a diverse, high-performing workforce that is passionate about what they do, committed to our shared values and dedicated to our customers' mission.

​

The software engineer will maintain and improve the client’s continuous integration and continuous delivery (CI/CD) pipeline. They must have a deep understanding of software development methodologies and modern delivery environments. Their responsibilities will include designing, developing and maintaining the CI/CD pipeline, to include end-to-end and unit tests. They will develop tests that map to the NIST 800-53 Rev 5 controls and ensure that security controls are implemented during the pipeline. The software engineer will also assist other team members with code reviews and software best practices.

​

Company Overview

NA

• Develop new CI/CD processes and methods to improve the ability to deliver new features and code to customers.
• Manage the CI/CD process and create specialized Python programs to interact with and enhance cybersecurity-related processes and data.
• Not a cloud-based CI/CD pipeline manager solely relying upon use of automated tools.
• Manage pipelines that are Splunk-specific and written in Python.

Required Qualifications:

• Expert in Python.
• Minimum of five years of experience as a developer with focus on delivering secure code through highly optimized pipelines.
• Minimum of two years of experience managing a CI/CD environment that uses security tests to enforce security requirements.
• Minimum of three years of experience designing and implementing automated CI/CD tests including unit, end-to-end, use case and misuse cases.
• Familiarity with Splunk’s Search Processing Language and Kusto Query Language.

​

Preferred Qualifications:

• Knowledge of React and/or experience with JavaScript library.

• Required Clearance: Able to pass police background check (#clearable)
• Our Cybersecurity Software Engineer's earn between $89,200 - $207,900. Not to mention all the other amazing rewards that working at AT&T offers. Individual starting salary within this range may depend on geography, experience, expertise, and education/training.

​

Joining our team comes with amazing perks and benefits:

• Medical/Dental/Vision coverage
• 401(k) plan
• Tuition reimbursement program
• Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
• Paid Parental Leave
• Paid Caregiver Leave
• Additional sick leave beyond what state and local law require may be available but is unprotected
• Adoption Reimbursement
• Disability Benefits (short term and long term)
• Life and Accidental Death Insurance
• Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
• Employee Assistance Programs (EAP)
• Extensive employee wellness programs
• Employee discounts up to 50% off on eligible AT&T mobility plans and accessories, AT&T internet (and fiber where available) and AT&T phone

​

Weekly Hours: 40

​

Time Type: Regular

​

Location: Oakton, Virginia

​

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities.