Sr Engineer, Product Security

Job Description

Your New Role

The Sr. Product Security Engineer will work within WBD's Global Information and Content Security team and cooperate with Direct to Consumer (DTC) teams on initiatives to design and deploy appropriate, risk-based application security safeguards and technical application security controls to protect data, services, and technology assets of WBD's products. The role will focus on application security for our streaming media service and other supporting applications. This Sr. Product Security Engineer will work closely with development and engineering teams to ensure secure architectures, patterns, and solutions are created and maintained. The person taking this position will strive to become a subject matter expert on product security and secure code development gaining experience through communication and collaboration with various application engineering teams to facilitate the improvement of the existing SSDLC process within the organization.

Your Role Accountabilities
• Execute and evolve the Product Security Engagement program
• Perform threat modeling and review technical architecture product security architectures and critical user journeys.
• Evaluate current system security measures and recommend or implement enhancements.
• Review and contribute to application designs and solutions with security architecture evaluations
• Participate in information security operations duties, including occasional incident response escalations as a subject matter expert.
• Work collaboratively and proactively across the organization (e.g., Technical Architects, Engineering Leads, Product managers, Digital Media Program (AGILE) Teams, etc.) to support remediation security gaps
• Identify and define product security requirements and security baselines.

Qualifications & Experience
• 5+ years of product/application security work experience
• Hybrid work environment. Must be based in the Warner Bros. Discovery office, minimum three-days/week.
• Knowledge of common security principles for web application architectures
• Experience in code reviews, business logic assessment, and application security testing
• Solid understanding of security protocols, cryptography, authentication, authorization and security
• Broad knowledge of Security technologies, process, and techniques and a strong understanding of application security leading practices including OWASP and CWE
• Familiarity with HTML/CSS, JavaScript and UI/UX design and software quality assurance principles
• Hands-on experience working with DevOps and Agile driven product teams.
• Knowledge of practical threat modeling for consumer applications
• Experience in secure software development principles in various languages (Java, Go, JavaScript, Python, etc.)
• Excellent communication and presentation abilities with great attention to detail
• Demonstrated ability to explain risks and vulnerabilities to both technical and non-technical audiences

Desirable
• Bachelor's degree in Computer Science or Information Security or related field
• Familiar with application security tools like BurpSuite Pro, SAST, DAST, nmap, Metasploit, and Kali Linux.
• Knowledge of cloud security principles
• Experience in application/tool development with at least one modern programming language
• GPEN, GXPN, GMOB or other Security Certifications

Jobcode: Reference SBJ-gq4wzz-3-146-35-203-42 in your application.