Staff Incident Responder

Job Description

Warner Bros. Discovery (WBD) is seeking a highly skilled Incident Responder to spearhead cybersecurity investigations, coordinate response efforts, and strengthen WBD's overall security posture. This role requires an experienced security professional who can lead complex investigations, optimize incident response processes, and act as the resident SME for host, network, and cloud forensics.
You will be responsible for managing security incidents from detection to resolution, working closely with internal stakeholders, security operations teams, and leadership to contain threats, mitigate risks, and enhance response capabilities. You will play a pivotal role in developing proactive security detections, refining incident response playbooks, and leading tabletop exercises to ensure the organization's readiness against evolving cyber threats.
This role is ideal for a seasoned cybersecurity expert with deep expertise in incident handling, threat research, malware analysis, and forensic investigations across various environments, including on-premises, cloud, and large-scale enterprise networks.
Your Role Accountabilities
• Incident Management: Lead and oversee the identification, containment, eradication, and recovery efforts during cybersecurity incidents.
• Incident Coordination: Act as the primary point of contact for all internal and external stakeholders during a cybersecurity incident. Coordinate cross-functional teams, including IT, legal, communications, and senior management, to ensure a unified response.
• Root Cause Analysis: Lead investigations to determine the root cause of security incidents.
• Incident Documentation: Ensure detailed and accurate documentation of incidents, including timelines, decisions made, and actions taken.
• Continuous Improvement: Develop and enhance incident response procedures, playbooks, and workflows. Regularly review and update incident response protocols to ensure they are aligned with evolving threat landscapes.
• Threat Intelligence Integration: Integrate threat intelligence into incident response activities .
• Training and Awareness: Organize and lead regular training sessions, tabletop exercises, and simulations to keep the IR team and other relevant stakeholders prepared for real-world incidents. Conduct assessments of the organization's incident readiness.
• Collaboration with Other Teams: Work closely with the C SOC, Security teams and other business units to ensure seamless and efficient incident response.
• Incident Metrics and Reporting: Track key performance indicators (KPIs) for incident response efforts, reporting metrics on the effectiveness and efficiency of incident handling.
• Post-Incident Analysis and Threat Hunting: Lead post-incident reviews to analyze the effectiveness of the response and identify areas for improvement. Engage in proactive threat hunting activities to detect early indicators of compromise and mitigate potential future incidents.

Qualifications & Experiences
• 7+ years of technical cybersecurity experience in Incident Response, Security Operations, and Threat Intelligence.
• Expertise in at least 7 of the following disciplines: SIEM, cloud security, host forensics, network forensics, malware analysis, intrusion detection, anomaly detection, threat research.
• Advanced knowledge of security incidents and attack techniques, including exploits, vulnerabilities, network intrusions, malware families, and threat actor tactics, techniques, and procedures (TTPs).
• Hands-on experience in forensic investigations, including host analysis, memory forensics, network anomaly detection, and packet capture (PCAP) analysis.
• Strong cloud security knowledge with hands-on experience in AWS, Azure, and Google Cloud Platform (GCP) incident response and forensic analysis.
• Expertise in operating systems including Windows, macOS, and Linux, with deep understanding of security logs and forensic artifacts.
• Proficiency in scripting (Python, PowerShell, Bash, Perl) and Regular Expressions (RegEx) for automation and security analysis.
• Ability to conduct risk analysis and identify Indicators of Compromise (IOCs) across multiple attack vectors (email, endpoint, network, cloud).
• Excellent verbal and written communication skills, with the ability to convey complex technical details.
• Strong leadership skills, with the ability to manage multiple priorities in high-pressure environments and collaborate with teams in remote locations.
• Highly motivated self-starter with strong attention to detail, ownership mentality, and a proactive approach to cybersecurity threats.
Preferred experience:
• Intermediate or higher Security Certifications are a plus - CYSA+, CISSP, CFR, CHFI, GCIH, GCFA, or GNFA, PenTest+, OSCP, etc.

Additional Information
On December 5, Netflix and Warner Bros. Discovery announced they have entered into a definitive agreement under which Netflix will acquire Warner Bros., including its film and television studios, HBO Max and HBO. The transaction is expected to close after the separation of Warner Bros. Discovery's Global Networks division, Discovery Global, into a new publicly-traded company, which is expected to be completed in Q3 2026. For more details, including leadership appointments and information on individual brands, please visit our newsroom here.
Although you will be hired by Warner Bros. Discovery, upon the planned spin-off of Discovery Global in 2026, your employment likely will transition to Warner Bros. (or) transition to Discovery Global. During this period of transformation, you'll have an exciting opportunity to lay the foundation at one of the world's premier entertainment brands.

Championing Inclusion at WBD
Warner Bros. Discovery embraces the opportunity to build a workforce that reflects a wide array of perspectives, backgrounds and experiences. Being an equal opportunity employer means that we take seriously our responsibility to consider qualified candidates on the basis of merit, without regard to race, color, religion, national origin, gender, sexual orientation, gender identity or expression, age, mental or physical disability, and genetic information, marital status, citizenship status, military status, protected veteran status or any other category protected by law.
If you're a qualified candidate with a disability and you require adjustments or accommodations during the job application and/or recruitment process, please visit our accessibility page for instructions to submit your request.

Jobcode: Reference SBJ-4kxw1z-216-73-216-222-42 in your application.