Sr. Application Security Engineer, Sdlc Tooling & Devops

Job Description

The Job

As a Senior Application Security Engineer, you will be an important member of the Warner Bros. Discovery Global Information and Content Security (GICS) team. This is a key role that will focus on ensuring the adoption, deployment, fine-tuning, and development of tools, services, and processes that enable security controls in the SDLC (Software Development Life Cycle). This role will work closely with Development and DevOps teams to define security processes and integrations that support existing workflows and pipelines. This role will work across all aspects of the Application Security team (Engineering, Operations, Testing, and Vulnerability Management) to ensure an efficient and effective Application Security Pipeline
Operational
• Act as a security-focused engineering leader that is passionate about learning, mentoring, teaching, and problem solving
• Work collaboratively and proactively across the organization with product teams on Application Security initiatives
• Be creative and solve problems with scalable solutions
• Identify and define application security requirements and author security policies
• Maintain knowledge of current and emerging secure application technologies, products, and trends
• Actively and continuously share role-specific knowledge with team members and product teams
• Participate in Agile SCRUM ceremonies, requirements gathering, priority and risk identification, proposing solutions, estimating timeframes, and driving tasks to completion

Technical
• Build, maintain, deploy, and operate security tools and configuration at-scale for the Application Security program
• Collaborate with product teams to ensure secure coding best practices are followed
• Identify and support the development of new security tools that enable the team to increase coverage, scale, and monitoring
• Review and contribute to application designs and solutions
• Collaborate with engineers to maintain and continually improve existing security tools

The Essentials
• Proven and extensive Software Engineering experience developing and maintaining scalable, Cloud-native software solutions
• Proven and extensive experience with container technologies, AWS, and infrastructure-as-code (IaC) such as Terraform, Cloud Formation, etc.
• Proven and extensive experience building tools and automation to support an Application Security team
• Proven and extensive experience in secure software development principles in various languages and frameworks (Python, JavaScript, TypeScript, Java, Go, etc.)
• A strong desire to help engineering teams build consumer applications securely
• Strong understanding of software development methodologies and secure coding practices
• Strong understanding of the SDLC and CI/CD pipelines
• Strong understanding of application security standards and practices, such as the OWASP Top 10
• Knowledge of practical threat modeling for consumer applications
• Demonstrated ability to explain risks and vulnerabilities to both technical and non-technical audiences
• Hands-on experience working with DevOps and Agile-driven product teams
• Excellent written and verbal communication skills
• Ability to work effectively in a team or individually and receptive to feedback

The Nice to Haves
• Experience with GitHub Security features
• Knowledge of cloud security principles
• Bachelor's degree in IT, Computer Science, or Information Security preferred
• ISC2 CSSLP, GIAC (GWEB, GCSA), or other Security Certifications

If you're a qualified candidate and you require adjustments or accommodations to search for a job opening or apply for a position, please contact us at recruitadmin@wbd.com.

Jobcode: Reference SBJ-g44yyv-216-73-216-0-42 in your application.