Sr Staff Engineer, Application Security

Job Description

The Job

We are the team responsible for championing and influencing secure technology choices across the organization. Guiding the design and deployment of features utilizing secure architectures. We play a primary role in instilling security standards and implementing cutting-edge innovative countermeasures. Our team works within our overall corporate entity to develop and instill a DevSecOps mindset across our HBO Max product development organization.

HBO Max represents some of the world's most beloved entertainment content and online experiences. We protect our company assets and customer data. Constantly striving to do better by monitoring the effectiveness of our security programs, processes, and controls. Most importantly, we monitor the processes that safeguard the confidentiality, integrity, and availability of our data.

We act as a primary interface in advising our broader organization and business leaders on the importance and value of security. Offering practical implications of emerging threats and identifying cyber risks that arise as our business partners advance new strategies.

The Daily

The candidate will champion Application Security efforts within the organization with a focus on identifying and remediating vulnerabilities with automation where possible. The successful candidate will assist in developing a set of engineering security standards for the organization that drives security awareness and collaboration to enable secure engineering practices & resiliency into all applications/systems.

The Application Security engineer will:

Collaborate with other engineers in security code reviews to identify and fix issues in our applications and infrastructure
Develop tooling to automate manual security processes
Lead security-related projects from inception to successful completion.
Perform hands-on internal assessments on our platform and infrastructure
Conduct regular security and risk assessments of HBO Max's applications, infrastructure, and security controls.
Interface with other teams and take a leadership role in driving customer security and privacy initiatives.

The Essentials
• 5+ years of relevant experience in an Information Security Engineer role
• Experience identifying and helping to resolve common application security flaws (e.g. OWASP, SANS)
• Subject matter expertise on secure design & coding practices
• Experience working with AWS or other cloud environments
• An understanding of network and web-related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
• Understanding of Vulnerability Management and other general security testing principles with the ability to provide specific recommendations on how to fix vulnerabilities
• Experience with Infrastructure-as-Code (CloudFormation, Terraform, Ansible, etc) and Security-as-Code.

Recommended, but not required:

Familiarity with industry regulations, such as PCI, GDPR, and CCPA.

The Perks​
• HBO exclusive events
• Paid time off to volunteer
• Access to well-being tools, resources, and freebies
• Access to in-house learning and development resources
• Part of the WarnerMedia family of powerhouse brands

Jobcode: Reference SBJ-gqe19g-13-59-201-197-42 in your application.