Sr. Product Security Engineer

Job Description

Your New Role...

The Sr. Product Security Engineer will work within WBD's Global Information and Content Security team and cooperate with Direct to Consumer (DTC) teams on initiatives to design and deploy appropriate, risk-based application security safeguards and technical application security controls to protect data, services, and technology assets of WBD's products. The role will focus on application security for our streaming media service and other supporting applications. This Sr. Product Security Engineer will work closely with development and engineering teams to ensure secure architectures, patterns, and solutions are created and maintained. The person taking this position will strive to become a subject matter expert on product security and secure code development gaining experience through communication and collaboration with various application engineering teams to facilitate the improvement of the existing SSDLC process within the organization.

If you:
• Are passionate about web and mobile application security
• Want to work in an international, face-paced company
• Want to learn how to secure applications and infrastructure in the cloud
• Would like to be a part of an experienced team of practitioners opened to sharing their knowledge
• Want to learn how to implement security into SDLC (CI/CD)
• Want to have a visible impact on the security of a large suite of products
Join us!

Your Role Accountabilities...
• Run, maintain, and utilize security tools for the Appsec program, e.g., static and dynamic code analysis
tools
• Create and run secure code assessments with various application and services engineering teams
• Perform manual and automated penetration tests and retests of web and mobile applications.
• Review technical architecture and delivery for Web and other Client Delivery Platforms
• Review current system security measures and recommend or implement enhancements.
• Review and contribute to application designs and solutions
• Review developers' codes, provide feedback and perform security assessments for consumer-facing
applications, services and future technology.
• Triage risk of identified vulnerabilities and findings.
• Work with external penetration testers, oversee ongoing pentests and exercises, work with application
engineering teams on remediation of found vulnerabilities.
• Participate in information security operations duties, including occasional incident response
escalations as a subject matter expert.
• Evaluate, deploy and support application security technologies, processes and workflows on multiple
platforms (e.g., Server, Client, Mobile, Tablet, etc.)
• Identify and define application security requirements and security baselines.
• Work collaboratively and proactively across the organization (e.g., Technical Architects, Engineering
Leads, Product managers, Digital Media Program (AGILE) Teams, etc.) to support and remediate
security gaps

Qualifications & Experiences...
• 5+ years of product/application security work experience
• Hybrid work environment. Must be based in the Warner Bros. Discovery office, minimum
three-days/week.
• Knowledge of common security principles for web application architectures
• Experience in code reviews, business logic assessment, and application security testing
• Solid understanding of security protocols, cryptography, authentication, authorization and security
• Broad knowledge of Security technologies, process, and techniques and a strong understanding of
application security leading practices including OWASP and CWE
• Familiarity with HTML/CSS, JavaScript and UI/UX design and software quality assurance principles
• Hands-on experience working with DevOps and Agile driven product teams.
• Familiar with application security tools like BurpSuite Pro, SAST, DAST, nmap, Metasploit, and Kali
Linux.
• Knowledge of practical threat modeling for consumer applications
• Experience in secure software development principles in various languages (Java, Go, JavaScript,
Python, etc.)
• Excellent communication and presentation abilities with great attention to detail
• Demonstrated ability to explain risks and vulnerabilities to both technical and non-technical audiences
Preferred Qualifications:
• Bachelor's degree in IT, Computer Science or Information Security preferred.
• Knowledge of cloud security principles
• Experience in application/tool development with at least one modern programming language
• GPEN, GXPN, GMOB or other Security Certifications

How We Get Things Done…

This last bit is probably the most important! Here at WBD, our guiding principles are the core values by which we operate and are central to how we get things done. You can find them at www.wbd.com/guiding-principles/ along with some insights from the team on what they mean and how they show up in their day to day. We hope they resonate with you and look forward to discussing them during your interview.

The Legal Bits…

Warner Bros. Discovery embraces the opportunity to build a workforce that reflects the diversity of our society and the world around us. Being an equal opportunity employer means that we take seriously our responsibility to consider qualified candidates on the basis of merit, without regard to race, color, religion, national origin, gender, sexual orientation, gender identity or expression, age, mental or physical disability, and genetic information, marital status, citizenship status, military status, protected veteran status or any other category protected by law.

If you're a qualified candidate with a disability and you need a reasonable accommodation in order to apply for this position, please contact us at recruitadmin@wbd.com.

Jobcode: Reference SBJ-d25n05-3-131-13-37-42 in your application.