Lead Application Security Engineer, Mobile

Job Description

Your New Role...

As an Application Security Lead, you will be an important member of the Warner Bros. Discovery Global Information and Content Security (GICS) team. This is a key role that will be focused on application security for native, native mobile, hybrid, OTT, and mobile applications. The Application Security Lead will be a valued partner to development and engineering teams to ensure secure architectures, patterns, and solutions are created and maintained. This person will work closely with WBD's product teams and will build relationships with engineering groups to support effective security solutions for our products. As a Lead, you will provide strategic input into the direction of how GICS will scale and support security in our native, native mobile, hybrid, OTT, and mobile applications.
Operations
• Work collaboratively and proactively across the organization with Product/Application Teams on AppSec initiatives
• Work collaboratively and proactively to grow the security culture across the organization
• Be creative and solve problems with solutions that can scale
• Maintain knowledge of current and emerging secure mobile application technologies/products/trends

Technical
• Build, maintain, and utilize security tools for the Application Security program
• Collaborate with development teams to ensure secure coding best practices are followed
• Perform security and risk assessments for consumer-facing mobile, native, or applications
• Identify and define mobile application security requirements and security baselines
• Actively and continuously share role-specific knowledge with team members and product teams
• Stay up to date with the latest application security threats, vulnerabilities, and exploits. 

The Essentials
• A strong desire to help engineering teams build consumer applications securely
• Proven experience building tools and automation to support an Application Security team
• Strong understanding of application security standards and practices, such as the OWASP Mobile Application Security Verification Standard (MASVS) and Mobile Security Testing Guide (MSTG)
• Strong understanding of software development methodologies and secure coding practices
• Strong understanding of the SDLC and CI/CD pipelines
• Experience with developing iOS and Android mobile applications
• Experience reading and comprehending code, discerning business logic, and identifying security flaws in mobile-relevant languages, such as Swift, Objective-C, Kotlin, Java, JavaScript, and TypeScript.
• Understanding of common mobile application authentication and encryption methods, including OAuth and PKI
• Understanding of protocol and network analysis using mitmproxy and Wireshark
• Understanding of platform-specific security features and best practices, such as Apple's App Transport Security, Android's Network Security Configuration, and Samsung Knox.
• Familiarity with platform-specific development environments, SDKs, and tools, such as Xcode for iOS, Android Studio for Android, and Samsung's Tizen Studio.
• Hands-on experience working with DevOps and Agile-driven product teams
• Excellent written and verbal communication skills

The Nice to Haves
• Knowledge of cloud architecture and security principles
• Bachelor's degree in IT, Computer Science, or Information Security preferred.
• ISC2 CSSLP, GIAC (GMOB, GWEB, GCSA), or other Security Certifications

If you're a qualified candidate and you require adjustments or accommodations to search for a job opening or apply for a position, please contact us at recruitadmin@wbd.com.

Jobcode: Reference SBJ-d9kv0k-3-15-10-218-42 in your application.