Application Security Engineer - DTC
Discovery Communications
 New York, NY












    Posted Date

    1 month ago (9/5/2019 10:08 AM)





    Requisition ID

    24277



    Location


    US-NY-New York City


    Career Category

    IT & Technical Operations


    Type

    Company Employee Full-Time









  • Position Summary




    The Application Security Engineer will work closely with Discovery’s Information Security and Direct-to-Consumer (DTC) teams to ensure that adequate security controls and SDLC processes are in place and that testing is conducted on media consumer solutions.



    The Application Security Engineer will report to the Director of Application, who specializes in – and is accountable for – information security issues relevant to Direct-to-Consumer (D2C), customer-facing technologies, appropriate protection of user and customer information (e.g. GDPR, PCI, SOX), and retail consumer privacy. The Application Security Engineer will assist with translation and review of execution of cyber security requirements, and help align requirements with Digital Platforms.



    The Application Security Engineer will be knowledgeable in development processes, with experience in developing secure applications. The applicant will have a key role in the development and implementation of a secure Software Development Life Cycle (SDLC). The applicant will drive the secure implementation of front-end web-based technologies on our platforms to support revenue and user growth for Discovery D2C digital products, which include consumer-facing web sites, mobile applications, and content applications. The applicant will also provide technical support for D2C teams evaluating application security technologies and workflows across platforms, including D2C platforms, Discovery’s portfolio of TV Everywhere apps and products, Motor Trend, PGA streaming services, and the Eurosport Player – Eurosport being the leading provider of locally relevant, premium sports and Home of the Olympic Games across Europe. In addition, VP will have management responsibility for TVN Information Security – TVN being Discovery’s leading broadcaster in Poland.







    Responsibilities




    1. 24x7 on-call availability for Information Security issues across the globe
    2. Develop and execute security assessment test plans, document and present results
    3. Review developers’ code, provide feedback, and perform security and risk assessments for consumer-facing applications, services, and future technology
    4. Perform design analysis, review, piloting, and selection of security technologies that meet specified application/business requirements, as needed
    5. Identify and define application security requirements and security baselines for the various classes of assets and environments in use at Discovery or its partners
    6. Work collaboratively across the organization (e.g., Technical Architects/Leads, Product managers, Digital Media Program Teams, etc.) to support and remediate security gaps
    7. Review Technical Architecture and Delivery for Web and other Client Delivery Platforms
    8. Work closely with the development teams within an agile development process to fix security issues identified in large-scale user-facing web applications
    9. Lead and mentor developers in utilizing secure development techniques and libraries
    10. Lead development and provide guidance during architecture and design activities of new and existing applications, while also conducting architectural risk and impact assessments on new and existing applications
    11. Maintain knowledge of current and emerging secure application technologies/products/trends related to architectural solutions; actively and continuously share this knowledge with others
    12. Communicate Findings/Remediation Guidance/Security Design Patterns to development teams in a concise and succinct manner
    13. Increase knowledge in application security through self-study, training, and certifications.
    14. Research and gather secure code specifications and requirements based on OWASP
    15. Stay connected to emerging technologies/industry trends and apply them to operations and activities







    Requirements




    * 4+ years managing global Information Security teams
    * 4+ years of cybersecurity architecture/engineering and/or application security (appsec, netsec), with a Bachelor’s degree or higher in a related field
    * Must be fluent in English and, if possible, French or Polish
    * Broad knowledge of IT Security technologies, processes, and techniques and a strong understanding of application security leading practices including OWASP and CWE
    * Experience in secure code reviews, business logic assessment, and application security testing
    * Experience deploying cybersecurity solutions in a public cloud environment (IaaS, PaaS, SaaS)
    * Familiar with application security tools such as Burp Suite Pro, SAST, DAST, nmap, Metasploit, and Kali Linux (experience with 3rd-party testing tools such as Veracode, WhiteHat, etc. is also preferred)
    * Experience managing secure coding and software deployment in a variety of current languages (e.g. Python, Node.js, C#, .NET, JavaScript, Go, Ruby, PowerShell, Bash, Scala, SDK and RESTful API design/development).
    * Experience working with Agile development/Scrum methodologies, and incorporation of security requirements into SDLC (CI/CD) with product owners/managers
    * Familiarity with HTML/CSS, JavaScript and UI/UX design and software quality assurance principles
    * Excellent knowledge of software and application design and architecture
    * Strong knowledge of TCP/IP, DNS, HTTP, HTTPS, VPN, SQL and other database technologies
    * Experience with Unix/Linux and Windows operating systems in an Active Directory environment
    * Experience with endpoint security and SIEM technologies, e.g., Carbon Black, QRadar
    * Experience working in large global environments
    * Excellent communication and presentation abilities with great attention to detail
    * CISSP, CEH, GWEB, CWAPT, CASS, SCADA, CCSP, CSSLP, CISSP-ISSAP or OSCP certifications are highly desired

    * Must have the legal right to work in the United States










    Discovery Communications, Inc. is an equal opportunity employer. Discovery is committed to being an employer of choice, not just a good place to work, but a great and inclusive place to work. To that end, we strive to recruit and maintain a workforce that meaningfully represents the diverse and culturally rich communities that we serve. Qualified applicants will receive consideration for employment without regard to their race, color, religion, national origin, sex, sexual orientation, gender identity, protected veteran status, disabled status, or genetic information.






    If you are an individual with a disability and need an accommodation during the application process, please send an email request to HR@discovery.com.