Engineer, Application Security Testing

Job Description

The Role

As an Application Security Testing Engineer, you will be an important member of the Warner Bros. Discovery Global Information and Content Security (GICS) team. This is a key role that will be focused on application technical testing engagements that include penetration testing and security requirements validation for our streaming media services and other supporting applications. The successful candidate will be responsible for performing in-depth technical security assessments of WBD products and applications, identifying vulnerabilities, and providing recommendations for remediation. This position requires strong technical skills, as well as the ability to communicate effectively with stakeholders and clients.

If you:
• are passionate about helping keep applications secure
• want to work in an international, face-paced company
• want to learn how to secure consumer-facing applications
• would like to be a part of an experienced team of practitioners open to sharing their knowledge
• want to have a visible impact on the security of a large suite of products

Join us!

Key Areas of Responsibility
• Work collaboratively and proactively across the organization with Product Teams on Application Security initiatives
• Perform technical in-depth testing of complex web and mobile application
• Leverage various security tools and techniques to identify and prioritize vulnerabilities in applications
• Stay up-to-date with the latest application security threats, vulnerabilities, and exploits
• Write proof of concept code to demonstrate the severity of a potential security issue
• Provide clear communication on issues to developers

Required Qualifications:
• Ability to communicate effectively with technical and non-technical stakeholders
• Ability to understand and translate WBD application security requirements into test cases
• Proven experience in security testing (Penetration testing, Vulnerability testing, Red teaming, bug hunting, CTF experience, or related field).
• Proven experience scripting in Python or other equivalent interpreted languages.
• Proven experience with 2 or more areas of security engineering practices such as in web application security, mobile application security, network security, authentication and authorization protocols, cryptography, automation, and other software security disciplines.
• Proven experience with threat modeling concepts and frameworks (MITRE ATT&CK, DREAD, or STRIDE)
• Excellent documentation skills supporting a technical testing engagement
• Knowledge of application security vulnerabilities, testing methodologies, and industry best practices
• Knowledge of application development frameworks for web, mobile, and API-based applications

Preferred Qualifications:
• Bachelor's degree in IT, Computer Science, or Information Security preferred.
• A certification would be preferred but not necessary such as OSCP, OSWA, OSWE, GPEN, GWAPT,
or GMOB

Jobcode: Reference SBJ-rn5qy1-3-144-27-148-42 in your application.