Sr. Information Security Engineering Specialist

About The Position

Requirements

• Hybrid work environment; must be based in the Warner Bros. Discovery office for a minimum of three (3) days/week.
• Bachelor's degree in computer science, Engineering, or related field, or equivalent work experience.
• 5+ years of experience in information security, with at least 3 years of experience in product security, application security, or cloud security.
• Understanding of consumer behavior and expectations regarding digital services and experience balancing security needs with user experience considerations
• Proven track record of leading and managing security projects in a fast-paced, dynamic, and agile environment
• Extensive experience in secure code reviews, business logic assessments and application security testing with deep understanding of network, data, and cloud security principles
• Expert knowledge of security principles, standards, and best practices, such as OWASP, NIST, ISO, etc.
• Experience in deploying cyber security solutions in public cloud environments (IaaS, PaaS, SaaS)
• Strong technical skills and hands-on experience with security tools and technologies, such as web application firewalls, vulnerability scanners, penetration testing tools, encryption, authentication, etc.
• Excellent communication and presentation skills, with the ability to communicate effectively with both technical and non-technical audiences.
• Experience in the media and entertainment industry, or with direct-to-consumer products and platforms, is a plus (e.g., Demonstrated success in implementing security measures for large-scale consumer platforms)
• Experience in implementing and leading DevSecOps initiatives, frameworks, and tools (e.g., GHAS, Burp Suite, Nmap, Metasploit, etc.) used for SCA, SAST, DAST, etc.
• Experience with Agile development/Scrum methodologies and incorporation of security requirements into SDLC (CI/CD) with product owners.
• Experience in securing cloud environments and services on AWS, GCP, and Azure, using automation and CI/CD pipelines.
• Experiencing in managing programs supporting secure code and software deployments in various languages (Python, Node.js, C#, .NET, JavaScript, Go, Ruby, GraphQL, SDK, and RESTful API design/development).
• CISSP, CEH, GPEN, or OSCP certifications are highly desired

Responsibilities

• Support the expansion of Product Security programs by contributing to security architecture engagement strategies, scalable product threat modeling, and the implementation of product security technical initiatives
• Assist in developing and delivering security roadmap plans, ensuring initiatives are completed successfully and on time with high quality.
• Help establish and enforce security standards, policies, and best practices for product development teams, ensuring compliance with industry regulations and customer expectations (PCI, GDPR, CCPA, etc.)
• Collaborate with product, engineering, and business stakeholders to identify and prioritize security risks and requirements, providing guidance and support on security architecture, design, testing, and remediation.
• Contribute to the development and implementation of security metrics and dashboards to measure and report on the security posture and performance of products and platforms.
• Stay informed about emerging security threats, trends, and technologies, and contribute to discussions on security solutions and practices.
• Support the adoption and integration of DevSecOps principles and practices into the product development process, including continuous integration, continuous delivery, automation, and collaboration.
• Be familiar with common vulnerabilities and attack vectors in consumer-facing digital services and leverage cloud security best practices and tools to secure products and platforms on AWS, GCP, and Azure, using automation and CI/CD pipelines.
• Manage relationships effectively, advocating for business and external customers by engaging in security-related requirements conversations.
• Utilize professional experience with security testing tools for product and application security testing, including SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), threat modeling, and product penetration testing.

Benefits

• health insurance coverage
• an employee wellness program
• life and disability insurance
• a retirement savings plan
• paid holidays and sick time and vacation