Product Security Engineer Specialist

Warner Bros. Discovery

33d•Hybrid

About The Position

Welcome to Warner Bros. Discovery… the stuff dreams are made of. Who We Are… When we say, “the stuff dreams are made of,” we’re not just referring to the world of wizards, dragons and superheroes, or even to the wonders of Planet Earth. Behind WBD’s vast portfolio of iconic content and beloved brands, are the storytellers bringing our characters to life, the creators bringing them to your living rooms and the dreamers creating what’s next… From brilliant creatives, to technology trailblazers, across the globe, WBD offers career defining opportunities, thoughtfully curated benefits, and the tools to explore and grow into your best selves. Here you are supported, here you are celebrated, here you can thrive. Must work a hybrid schedule (3 days onsite) out of our Burbank office. As a Product Security Engineer Specialist, you will be a vital member of the Warner Bros. Discovery Global Information and Content Security (GICS) team. This key role will concentrate on ensuring the adoption, deployment, fine-tuning, and development of tools, services, and processes that enable robust security controls within the Product Security lifecycle. You will collaborate closely with Development and DevOps teams to define security processes and integrations that seamlessly support existing workflows and pipelines. Additionally, you will engage with all aspects of the Application Security team (Engineering, Operations, Testing, and Vulnerability Management) to ensure an efficient and effective Product Security Pipeline.

Requirements

Hybrid work environment; must be based in the Warner Bros. Discovery office for a minimum of three (3) days/week.
Bachelor’s degree in computer science, Engineering, or related field, or equivalent work experience.
5+ years of experience in information security, with at least 3 years of experience in product security, application security, or cloud security.
Understanding of consumer behavior and expectations regarding digital services and experience balancing security needs with user experience considerations
Proven track record of leading and managing security projects in a fast-paced, dynamic, and agile environment
Extensive experience in secure code reviews, business logic assessments and application security testing with deep understanding of network, data, and cloud security principles
Expert knowledge of security principles, standards, and best practices, such as OWASP, NIST, ISO, etc.
Experience in deploying cyber security solutions in public cloud environments (IaaS, PaaS, SaaS)
Strong technical skills and hands-on experience with security tools and technologies, such as web application firewalls, vulnerability scanners, penetration testing tools, encryption, authentication, etc.
Excellent communication and presentation skills, with the ability to communicate effectively with both technical and non-technical audiences.
Experience with Agile development/Scrum methodologies and incorporation of security requirements into SDLC (CI/CD) with product owners.
Experience in securing cloud environments and services on AWS, GCP, and Azure, using automation and CI/CD pipelines.
Experiencing in managing programs supporting secure code and software deployments in various languages (Python, Node.js, C#, .NET, JavaScript, Go, Ruby, GraphQL, SDK, and RESTful API design/development).

Nice To Haves

Experience in the media and entertainment industry, or with direct-to-consumer products and platforms, is a plus (e.g., Demonstrated success in implementing security measures for large-scale consumer platforms)
Experience in implementing and leading DevSecOps initiatives, frameworks, and tools (e.g., GHAS, Burp Suite, Nmap, Metasploit, etc.) used for SCA, SAST, DAST, etc.
CISSP, CEH, GPEN, or OSCP certifications are highly desired

Responsibilities

Support the expansion of Product Security programs by contributing to security architecture engagement strategies, scalable product threat modeling, and the implementation of product security technical initiatives
Assist in developing and delivering security roadmap plans, ensuring initiatives are completed successfully and on time with high quality.
Help establish and enforce security standards, policies, and best practices for product development teams, ensuring compliance with industry regulations and customer expectations (PCI, GDPR, CCPA, etc.)
Collaborate with product, engineering, and business stakeholders to identify and prioritize security risks and requirements, providing guidance and support on security architecture, design, testing, and remediation.
Contribute to the development and implementation of security metrics and dashboards to measure and report on the security posture and performance of products and platforms.
Stay informed about emerging security threats, trends, and technologies, and contribute to discussions on security solutions and practices.
Support the adoption and integration of DevSecOps principles and practices into the product development process, including continuous integration, continuous delivery, automation, and collaboration.
Be familiar with common vulnerabilities and attack vectors in consumer-facing digital services and leverage cloud security best practices and tools to secure products and platforms on AWS, GCP, and Azure, using automation and CI/CD pipelines.
Manage relationships effectively, advocating for business and external customers by engaging in security-related requirements conversations.
Utilize professional experience with security testing tools for product and application security testing, including SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), threat modeling, and product penetration testing.