As Discovery's portfolio continues to grow – around the world and across platforms – the Global Technology & Operations team is building media technology and IT systems that meet the world class standard for which Discovery is known. GT&O Implements and maintains the business systems and technology that are critical for delivering Discovery's products, while articulating the long-term technology strategy that will enable Discovery's growing pay-TV, digital terrestrial, free-to-air and online services to reach more audiences on more platforms.
Within our Information Security team, there has never been a busier or more urgent time to obtain the best talent we can for a function so critical to Discovery. In light of the constant threats and attacks occurring in companies across the globe, and across all industries, the Information Security Team at Discovery is a growing group of cyber security professionals, that are using the latest tools and resources to protect the assets from our internal infrastructure to the shows we broadcast across the globe on Discovery Channel, Animal Planet, Discovery ID, TLC, EuroSport and more. From the US to Singapore, India to LA, we are tasked with protecting, training, and implementing the best of the best in tools, resources, monitoring, threat detection, and more.
The Cloud Security Architect is a technology and process focused thought-leader with an emphasis in public cloud architecture and engineering. As a lead member of the cloud security team, the Cloud Security Architect will help support the infosec functions of incident response, vulnerability management, compliance, and assessment while providing direct guidance to product and IT teams for all public cloud related matters in AWS, GCP and Azure.
• Act as a Cloud Security Subject Matter Expert (SME) for the team and Infosec department
• Identify opportunities to reduce cloud security risk for Discovery, and lead implementation of the solutions.
• Create design artifacts to enable members of the Cloud Security team to implement solutions (built in-house or purchased from vendor)
• Partner with product teams to design secure network and serverless architectures
• Provide ninja-level IAM Policy guidance to enable product teams to implement least privilege access.
• Review cloud architecture and advise development teams on strong Security Design principles and identification of issues prior to systems or features deployed.
• Interface with Public Cloud providers to improve the security feature set of their products
• Interface with cloud security vendors to evaluate features and determine proof-of-value
• Maintain an awareness of cloud-costs and the cost implications of the security controls implemented
• Mentor junior members of staff
• Create and maintain documentation as it relates to cloud security designs/configurations, processes, standards and recommendations.
• Collaborate with senior management and department leaders to assess near- and long-term cloud security needs
• Staying current with the latest cloud threat mitigation tools and techniques
• Strong understanding of cloud-based infrastructure components with specific understanding of the security risks presented in a decentralized and hybrid environment.
• Broad understanding of information security and compliance risk, and how those apply to Public Cloud.
• Comfortable automating processes start to finish and can work closely with cloud solutions engineering and product teams to help integrate security into their existing processes.
• Proficient in at least one scripting language (python, Nodejs, Golang)
• Core understanding of IP Networking, routing, VPNs
• Hands-on experience with some the following:
• Docker and Kubernetes
• Developing & Securing Serverless applications
• Security administration in AWS/GCP/Azure
• GitHub Security
• Infrastructure as code tools (Pulumi, Ansible, CloudFormation, Terraform)
• Command Line experience (Bash, Powershell, AWS-CLI)
• Cloud Network (VPC) engineering
• Cloud native security related tools (AWS Guard Duty, AWS WAF, GCP Security Center)
• Elastic Stack
• Excellent verbal and written communication skills with a strong attention to detail
• Remains productive while rapidly switching context
• Thirst for knowledge and constantly driven to stay current with evolving threat landscapes
• AWS Certifications – AWS Solutions Architect, AWS Security Specialty
• GCP Certifications - ACE, Other
• Security Product Engineering Certifications
• Architecture Certifications: ITIL
• Previous Experience with DivvyCloud, QRadar, Splunk, TwistLock, PrismaCloud
Jobcode: Reference SBJ-r7kqy8-3-80-3-192-42 in your application.