A little bit about our team:
Global team of dynamic, creative and collaborative problem solvers working together to build highly secure and scalable solutions to drive innovation and operational excellence. This represents a technical and experienced position in the IT organization. This position will be called upon to represent IT organizations by internal and external organizations. An individual in this position is responsible for making the production systems more reliable by performing day-to-day operations including system monitoring, troubleshooting, problem identification, resolution and restoral following established and documented procedures and with minimal direction. This group is the digital thought and technology collective working with world-class creative Media & Entertainment executives and their teams, acting as the trusted operators and strategic partners with them to deliver the best possible outcomes.
Why this could be your next big break:
This is an opportunity to move the needle and make a significant impact within a large global enterprise. Responsibilities include building out and executing an application security program with a focus on penetration testing. Requires excellent communication and technical skills, while working closely with all business units within Warner Music Group in determining design criteria and proof of concept as they relate to each business offering. Collaborate, design and implement ideas with business leaders from whiteboard to digital delivery and be a true partner with our business leaders. Recognize that as a Service Organization we're there to partner and steward the organization to operate efficiently, drive revenue and manage risk.
Here you'll get to:
• Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
• Develop security strategy plans and roadmaps based on sound enterprise architecture practices
• Participate in application and infrastructure projects to provide security-planning advice
• Perform secure application code review and coordinate with development teams to advocate secure coding practices. Provide guidance for security activities in the system development life cycle (SDLC) and application development efforts
• Plan and schedule penetration tests of our application environment
• Run code review process and integrate into CI/CD pipeline
• Liaise with the vendor management (VM) team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data
• Review all existing and new security technologies, tools and services, and make recommendations to the broader application/engineering team
• Collaborate on critical IT projects to ensure that security issues are addressed throughout the project life cycle
• Participate in all information security related incident response activities
• Stay abreast of information security events, news, trends and evolving legislative/regulatory changes
10+ years previous hands-on network administration using the following skills:
• Direct, hands-on experience or strong working knowledge of managing security infrastructure - e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM, DLP (Data Loss Prevention) and log management technology
• Direct experience managing and working with MSSP (managed security service providers)
• Direct experience executing an application security program (code reviews, pen testing)
• Verifiable experience reviewing application code for security vulnerabilities
• Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services
• Scripting – PowerShell, Python, Bash, etc.
• Experience leading high profile security projects
It would be music to our ears if you also had:
• CI/CD pipeline DevSecOps experience
• Cloud experience (AWS/Azure)
• Regulations, Standards and Frameworks
• Payment Card Industry Data Security Standard (PCI-DSS)
• General Data Protection Regulation (GDPR)
• NIST Cybersecurity Framework (CSF)
$160,000 - $170,000
Salary ranges are included for job postings where required by law. The actual base pay is dependent upon many factors, such as work experience and business needs. The pay range is subject to change at any time dependent on a variety of internal and external factors.