Full Time Job

Application Security Engineer

HBO

New York, NY 07-15-2021
 
  • Paid
  • Full Time
  • Senior (5-10 years) Experience
Job Description
The Job
We are looking for all breakers and builders out there! We pride ourselves on bringing solutions to the table. You will be part of the Application Security team working on the latest technologies. This includes working collaboratively with other teams to deploy solutions based on security standards to reduce risks associated with account fraud, system compromise, and data theft. Perks include working for a team that promotes autonomy and personal development.

We are the team responsible for championing and influencing secure technology choices across the organization, guiding the design and deployment of features utilizing secure architectures. The Application Security team plays a primary role in instilling security standards and implementing cutting-edge innovative countermeasures. Our team is the primary interface in advising our broader organization and business leaders on the importance and value of security to develop and instill a DevSecOps mindset across our HBO Max product development organization.

HBO Max represents some of the world's most beloved entertainment content and online experiences. We protect our company assets and customer data by constantly striving to do better, monitoring the effectiveness of our security programs, processes, and controls. Most importantly, we monitor the processes that safeguard the confidentiality, integrity, and availability of our data. We explain the practical implications of emerging threats and identify cyber risks that arise as our business partners advance new strategies.

The Daily
The candidate will champion Application Security efforts within the organization with a focus on identifying and remediating vulnerabilities, using automation where possible. The successful candidate will assist in developing a set of engineering security standards for the organization that drives security awareness and collaboration to build secure engineering practices and resiliency into all applications and systems. You will:
• Collaborate with other engineers in security code reviews to identify and fix issues in our applications and infrastructure
• Develop and code tooling to automate manual security processes
• Lead security-related projects from inception to successful completion
• Perform hands-on internal assessments on our platform and infrastructure
• Conduct regular security and risk assessments of HBO Max's applications, infrastructure, and security controls.
• Interface with other teams and take a leadership role in driving customer security and privacy initiatives.

The Essentials
• 8+ years of relevant experience in Information Security Engineer roles
• Experience identifying and helping to resolve common application security flaws (e.g. OWASP, SANS)
• Subject matter expertise on secure design & coding practices
• Experience working with AWS or other cloud environments
• An understanding of network and related protocols (TCP/IP, HTTP, VPNs, etc) and ability to use inspection tools (Burp, Wireshark, etc)
• Understanding of Vulnerability Management, risk determination, and other general security testing principles with the ability to provide specific recommendations on how to fix vulnerabilities
• Experience analyzing complex systems to perform Threat Models
• Coding experience: ability to code against vendor APIs, manage code using git, work with ticket tracking systems, etc.

The Nice to Haves
• Familiarity with industry regulations, such as PCI, GDPR, LGPD, and CCPA
• Contributions to Open Source Software
• Various security certifications from SANS, ISACA, ISC2, etc
• Coding experience in TypeScript and NodeJS
• Experience with IAST, RASP, DAST, SAST
• Security modeling structures: STRIDE, DREAD, CVSS, OCTAVE, MIL-STD-882E, etc
• Experience with Infrastructure-as-Code (CloudFormation, Terraform, Ansible, etc) and Security-as-Code

Jobcode: Reference SBJ-r1ywv0-18-221-165-246-42 in your application.