Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.

Description: 

Discovery hires the very best and brightest talent who are enthusiastic and passionate to fulfill the company’s mission of empowering people to explore their world and satisfy their curiosity.

In exchange for their talent and drive, employees are provided with an engaging, diverse workplace and the resources they need to learn, thrive and grow in their careers.

About

 

As Discovery's portfolio continues to grow – around the world and across platforms – the Product Security team is building the people, technology and process to partner with Discovery’s direct-to-consumer, media technology, and IT systems to meet the world-class standard for which Discovery is known. 
 
Within the broader Information Security team, there has never been a busier or more urgent time to obtain the best talent we can for a function so critical to Discovery. The Information Security Team at Discovery is a growing group of cybersecurity professionals, that are using the latest tools and resources to protect the assets from our internal infrastructure to the shows we broadcast across the globe on Discovery Channel, Animal Planet, Discovery ID, TLC, EuroSport and more.  From the US to Singapore, India to LA, we are tasked with protecting, training, and implementing the best of the best in tools, resources, monitoring, threat detection, and more.

Role

Product Security Engineer will work within Discovery’s Information Security team and cooperate with Direct to Consumer (DTC) teams on initiatives to design and deploy appropriate, risk-based application security safeguards and technical application security controls to protect data, services, and technology assets of Discovery's products. The role will focus on application security for our streaming media service and other supporting applications. This Product Security Specialist will work closely with development and engineering teams to ensure secure architectures, patterns, and solutions are created and maintained. The person taking this position will strive to become a subject matter expert on product security and secure code development, gaining experience through communication and collaboration with various application engineering teams to facilitate the improvement of the existing SSDLC process within the organization.

If you:

  • are passionate about web and mobile application security
  • want to work in an international, fast-paced company
  • want to learn how to secure applications and infrastructure in the cloud
  • would like to be a part of an experienced team of practitioners opened to sharing their knowledge
  • want to learn how to implement security into SDLC (CI\CD)
  • want to have a visible impact on the security of a large suite of products

Join us! 

Key Areas of Responsibility

  • Run, maintain, and utilize security tools for the Appsec program, e.g., static and dynamic code analysis tools.
  • Create and run secure code assessments with various application and services engineering teams.
  • Perform manual and automated penetration tests and retests of web and mobile applications.
  • Review technical architecture and delivery for Web and other Client Delivery Platforms.
  • Review current system security measures and recommend or implement enhancements.
  • Review and contribute to application designs and solutions.
  • Review developers’ codes, provide feedback and perform security assessments for consumer-facing applications, services and future technology.
  • Triage risk of identified vulnerabilities and findings.
  • Work with external penetration testers, oversee ongoing pentests and exercises, work with application engineering teams on remediation of found vulnerabilities.
  • Participate (as a subject matter expert) in information security operations duties, including occasional incident response escalations.
  • Evaluate, deploy and support application security technologies, processes and workflows on multiple platforms (Server, Client, Mobile, Tablet, etc.).
  • Identify and define application security requirements and security baselines.
  • Work collaboratively and proactively across the organization (e.g., Technical Architects, Engineering Leads, Product managers, etc.) to support and remediate security gaps.

Required Qualifications

  • 6+ years of product/application security work experience.
  • Subject matter expert of common security principles for web application architectures.
  • Experience in code reviews, business logic assessment, and application security testing.
  • Solid understanding of security protocols, cryptography, authentication, authorization and security.
  • Strong knowledge of Security technologies, process, and techniques and a strong understanding of application security leading practices including OWASP and CWE.
  • Familiarity with HTML\CSS, JavaScript and UI\UX design and software quality assurance principles
  • Hands on experience working with DevOps and Agile driven product teams. 
  • Familiar with using application security tools at scale like BurpSuite Enterprise/Pro, SAST, DAST, nmap, Metasploit, and Kali Linux.
  • Knowledge of practical threat modeling for consumer applications.
  • Experience in secure software development principles in various languages (Java, Go, JavaScript, Python, etc.).
  • Excellent communication and presentation abilities with great attention to detail.
  • Demonstrated ability to explain risks and vulnerabilities to both technical and non-technical audiences.

Preferred Qualifications

  • Bachelor’s degree in IT, Computer Science or Information Security preferred.
  • Knowledge of cloud security principles.
  • Experience in application/tool development with at least one modern programming language.

Discovery Communications, Inc. is an equal opportunity employer. Discovery is committed to being an employer of choice, not just a good place to work, but a great and inclusive place to work. To that end, we strive to recruit and maintain a workforce that meaningfully represents the diverse and culturally rich communities that we serve. Qualified applicants will receive consideration for employment without regard to their race, color, religion, national origin, sex, sexual orientation, gender identity, protected veteran status or disabled status or, genetic information.

We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including but not limited to all local Fair Chance Ordinances.

EEO is the Law
Pay Transparency Policy Statement
California Job Applicant Privacy Policy

If you are an individual with a disability and need an accommodation during the application process, please send an email request to [email protected]

Read Full Job Description
Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.

Technology we use

  • Engineering
    • GolangLanguages
    • PHPLanguages
    • PythonLanguages
    • RubyLanguages
    • ReactLibraries
    • ReduxLibraries
    • AngularJSFrameworks
    • Node.jsFrameworks
    • MongoDBDatabases
    • MySQLDatabases

Location

10401 NE 8th Street, Bellevue, WA 98004
Inside Look at Discovery Digital's Engineering Team
Watch

What are Discovery Direct-to-Consumer Perks + Benefits

Culture
Volunteer in local community
Annual Impact Day where the office volunteers together. Opportunities to volunteer through People Portal. New Hires are given $25 to donate to cause of their choice. Discovery offers matching programs
Partners with Nonprofits
RISE, Turn Up Fight Hunger, Adopt a Family, Oceana, Discovery Project CAT, Give a Little TLC, Inspire a Difference, Building a Difference, Talent Unlimited.
Friends outside of work
Eat lunch together
Intracompany committees
Discovery Women's Network, ableDisability, Multicultural Alliance, Discovery PriDe, Parents at Discovery, Discovery GreenD, Generation D, Discovery Veteran's Association.
Daily stand up
Open door policy
Team owned deliverables
Team based strategic planning
Group brainstorming sessions
Diversity
Documented equal pay policy
Dedicated Diversity/Inclusion Staff
Unconscious bias training
Someone's primary function is managing the company’s diversity and inclusion initiatives
Diversity Employee Resource Groups
Discovery Women's Network, ableDisability, Multicultural Alliance, Discovery PriDe, Generation D, Discovery Veteran's Association.
Hiring Practices that Promote Diversity
Diverse slate required for leadership roles.
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Pet Insurance
Wellness Programs
Team workouts
Mental Health Benefits
Retirement & Stock Options Benefits
401(K)
401(K) Matching
Company Equity
Employee Stock Purchase Plan
Performance Bonus
Match charitable contributions
Child Care & Parental Leave Benefits
Generous Parental Leave
Flexible Work Schedule
Remote Work Program
Family Medical Leave
Adoption Assistance
Vacation & Time Off Benefits
Generous PTO
Paid Volunteer Time
Paid Holidays
Paid Sick Days
Perks & Discounts
Casual Dress
Commuter Benefits
Happy Hours
Parking
Relocation Assistance
Professional Development Benefits
Job Training & Conferences
Tuition Reimbursement
Diversity Program
Lunch and learns
Cross functional training encouraged
Promote from within
Mentorship program
Continuing Education stipend
Online course subscriptions available
Paid industry certifications
More Jobs at Discovery Direct-to-Consumer30 open jobs
All Jobs
Data + Analytics
Design + UX
Dev + Engineer
HR + Recruiting
Product
Project Mgmt
Content
Developer
new
Bellevue
Developer
new
Bellevue
Data + Analytics
new
Bellevue
Developer
new
Bellevue
Developer
new
Bellevue
Product
new
Bellevue
HR + Recruiting
new
Bellevue
Developer
new
Bellevue
Developer
new
Bellevue
Design + UX
new
Bellevue
Product
new
Bellevue
Project Mgmt
new
Bellevue
Developer
new
Bellevue
Developer
new
Bellevue
Product
new
Bellevue
Content
new
Bellevue
Developer
new
Bellevue
Developer
new
Bellevue
Data + Analytics
new
Bellevue
Developer
new
Bellevue
Product
new
Bellevue
Developer
new
Bellevue