Sr Product Security Engineer

Job Description

Overview

As Discovery's portfolio continues to grow – around the world and across platforms – the Global Technology & Operations team is building media technology and IT systems that meet the world-class standard for which Discovery is known. Implements and maintains the business systems and technology that are critical for delivering Discovery's products, while articulating the long-term technology strategy that will enable Discovery's growing pay-TV, digital terrestrial, free-to-air and online services to reach more audiences on more platforms.

Within our Information Security team, there has never been a busier or more urgent time to obtain the best talent we can for a function so critical to Discovery. In light of the constant threats and attacks occurring in companies across the globe, and across all industries, the Information Security Team at Discovery is a growing group of cyber security professionals, that are using the latest tools and resources to protect the assets from our internal infrastructure to the shows we broadcast across the globe on Discovery Channel, Animal Planet, Discovery ID, TLC, EuroSport and more. From the US to Singapore, India to LA, we are tasked with protecting, training, and implementing the best of the best in tools, resources, monitoring, threat detection, and more.

The Role

As a Sr. Product Security Engineer, you will work within Discovery's Information Security team and cooperate with Direct to Consumer (DTC) teams on initiatives to design and deploy appropriate, risk-based application security safeguards and technical application security controls to protect data, services, and technology assets of Discovery's products. The role will focus on application security for our streaming media service and other supporting applications. This Product Security Specialist will work closely with development and engineering teams to ensure secure architectures, patterns, and solutions are created and maintained. The person taking this position will strive to become a subject matter expert on product security and secure code development, gaining experience through communication and collaboration with various application engineering teams to facilitate the improvement of the existing SSDLC process within the organization.

If you:
• are passionate about web and mobile application security
• want to work in an international, face-paced company
• want to learn how to secure consumer-facing applications
• would like to be a part of an experienced team of practitioners open to sharing their knowledge
• want to learn how to implement security into SDLC (CI~CD)
• want to have a visible impact on the security of a large suite of products

Join us!

Responsibilities
• Run, maintain, and utilize security tools for the Appsec program, e.g., static and dynamic code analysis tools.
• Create and run secure code assessments with various application and services engineering teams.
• Perform manual and automated penetration tests and retests of web and mobile applications.
• Review technical architecture and delivery for Web and other Client Delivery Platforms.
• Review current system security measures and recommend or implement enhancements.
• Review and contribute to application designs and solutions.
• Review developers' codes, provide feedback and perform security assessments for consumer-facing applications, services and future technology.
• Triage risk of identified vulnerabilities and findings.
• Work with external penetration testers, oversee ongoing pentests and exercises, work with application engineering teams on remediation of found vulnerabilities.
• Participate (as a subject matter expert) in information security operations duties, including occasional incident response escalations.
• Evaluate, deploy and support application security technologies, processes and workflows on multiple platforms (Server, Client, Mobile, Tablet, etc.).
• Identify and define application security requirements and security baselines.
• Work collaboratively and proactively across the organization (e.g., Technical Architects, Engineering Leads, Product managers, etc.) to support and remediate security gaps.

Qualifications
• 6+ years of product/application security work experience.
• Subject matter expert of common security principles for web application architectures.
• Experience in code reviews, business logic assessment, and application security testing.
• Solid understanding of security protocols, cryptography, authentication, authorization and security.
• Strong knowledge of Security technologies, process, and techniques and a strong understanding of application security leading practices including OWASP and CWE.
• Familiarity with HTML~CSS, JavaScript and UI~UX design and software quality assurance principles
• Hands on experience working with DevOps and Agile driven product teams.
• Familiar with using application security tools at scale like BurpSuite Enterprise/Pro, SAST, DAST, nmap, Metasploit, and Kali Linux.
• Knowledge of practical threat modeling for consumer applications.
• Experience in secure software development principles in various languages (Java, Go, JavaScript, Python, etc.).
• Excellent communication and presentation abilities with great attention to detail.
• Demonstrated ability to explain risks and vulnerabilities to both technical and non-technical audiences.

Jobcode: Reference SBJ-r17qjm-13-59-34-87-42 in your application.