Application Security Vulnerability Engineer
Discovery hires the very best and brightest talent who are enthusiastic and passionate to fulfill the company’s mission of empowering people to explore their world and satisfy their curiosity.
In exchange for their talent and drive, employees are provided with an engaging, diverse workplace and the resources they need to learn, thrive and grow in their careers.
Job Summary
The Application Security Vulnerability Engineer is expected to work closely with Discovery’s Information Security and application development teams on initiatives to remediate findings and ensure the adoption of technical application security controls.
This is a key role within the Information Security organization that will be focused on application security vulnerability management for our first party application platforms. The Application Security Vulnerability Engineer will partner with development and engineering teams to ensure that all application vulnerabilities are evaluated for risk, analyzed and remediated by priority. The ideal candidate will be motivated, self-sufficient, and able to understand and analyze complex application infrastructures from web content to large media streaming infrastructure.
Responsibilities
- Meet with technology owners weekly to ensure full visibility and understanding of open security vulnerabilities and the risks inherent with those vulnerabilities.
- Maintain and provide a detailed register of all open vulnerabilities, exceptions and remediation actions to ensure constant improvement of the Discovery risk surface.
- Understand risk and remediation strategies for complex application infrastructures.
- Communicate findings, remediation guidance, and security design patterns to development teams.
- Maintain knowledge of current and emerging secure application technologies/products/trends.
- Actively and continuously present role-specific knowledge to, and train, team members and product teams.
Requirements
- GPEN, GXPN, GMOB, CSSLP, or other similar security certifications preferred, but 2-3 years of experience and demonstrated knowledge accepted.
- BS degree in computer science or computer engineering preferred; will consider applicants with equivalent work-related experience with a minimum educational requirement of a high school diploma or GED equivalent.
- Ability to negotiate with business teams on timelines and expectations within the confines of set remediation SLAs.
- Strong customer service, communication, and presentation skills required.
- 4+ years of experience with application security/vulnerability remediation work.
- Subject matter expert on common security risks in web/mobile applications and web APIs.
- Solid understanding of security protocols, cryptography, authentication, authorization.
- Extensive hands-on experience with application security tools like Burp Suite, ZAP, or MobSF.
- Extensive hands-on experience with SAST and DAST tools like Checkmarx, Fortify, or Netsparker.
- Extensive hands-on experience with CI systems such as Jenkins.
- Extensive hands-on experience with WordPress deployments and specifically secure adoption of plugins.
- Understanding of DevOps practices.
- Broad knowledge of IT Security technologies, processes, and techniques and a strong understanding of application security practices.
- Must have the legal right to work in the United States.
Discovery Communications, Inc. is an equal opportunity employer. Discovery is committed to being an employer of choice, not just a good place to work, but a great and inclusive place to work. To that end, we strive to recruit and maintain a workforce that meaningfully represents the diverse and culturally rich communities that we serve. Qualified applicants will receive consideration for employment without regard to their race, color, religion, national origin, sex, sexual orientation, gender identity, protected veteran status or disabled status, or genetic information.
We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including but not limited to all local Fair Chance Ordinances.
If you are an individual with a disability and need an accommodation during the application process, please send an email request to [email protected].