WarnerMedia seeks a Sr. Security Specialist for the GTO – ISO department.
This position will examine applications within the WM enterprise for cybersecurity controls, focusing on security architecture, threat modeling, and technical testing. The position will also develop, with other team members, the necessary core processes to execute these types of tests in a manner consistent with the needs of the WarnerMedia brands. Finally, this position will review security artifacts commensurate with their level of experience and make initial recommendations to leadership.
• Determine level of assurance of developed capabilities based on test results.
• Develop test plans to address specifications and requirements.
• Determine scope, infrastructure, resources, and data sample size to ensure system requirements are adequately demonstrated.
• Validate specifications and requirements for testability
• Perform interoperability testing on systems exchanging electronic information with other systems.
• Perform operational testing from a cybersecurity standpoint
• Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements.
• Record and manage test data.
• Analyze the results of software, hardware, or interoperability testing.
• Review documented information and data flows at the macro level
• Make recommendations based on test results
• Create auditable evidence of security measures
• Coordinate the onboarding, ingesting, and shepherding of systems/applications through the architecture review process
• Ensure system/application designs adhere security policies and standards
• Participate in projects, planning, controlling, executing and closing assigned projects to produce required deliverables
• Minimum five (5) years of experience in Information and Network Security
• Ability to interpret and translate customer requirements into operational capabilities.
• Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations
• Knowledge of industry-standard evaluation and validation requirements
• Knowledge of cybersecurity and privacy principles relevant to confidentiality, integrity, availability, authentication, non-repudiation)
• Knowledge of network hardware devices and functions
• Knowledge of systems testing and evaluation methods
• Knowledge of the systems engineering process
• Proficient in information security frameworks, including NIST, ISO 2700x, and SANS CSC.
• Bachelor's degree is required