Senior Security Engineer
Position Summary
The Sr Security Engineer will support Digital Platforms & Business Systems and assist with diverse information security efforts for Discovery’s continued growth in expanding consumer experiences on digital platforms. Sr Security Engineer will support implementation and auditing of cyber security requirements, and help align requirements with Digital Platforms.
The ideal candidate will be knowledgeable in agile software development methodologies as well as Secure Code best practices. Applicant should have experience collaborating with enterprise architects, application developers, consultants and vendors in a globally distributed environment. Candidate must have several years of hands-on experience with authentication solutions (SAML 2.0, SWA, OIDC, and JWT).
Candidate will provide technical support for D2C teams implementing IDAM technologies and workflows across platforms, including D2C platforms, Discovery’s portfolio of apps and products including Motor Trend, PGA streaming services, and the Eurosport Player – Eurosport being the leading provider of locally relevant, premium sports and Home of the Olympic Games across Europe. In addition, candidate will work closely with the TVN Information Security team – TVN being Discovery’s leading broadcaster in Poland.
Candidate will report directly to the Director of Application Security (D2C) and will work collaboratively and effectively with Global Information Security, Digital, Broadcast, Business Systems and Infrastructure teams to deploy appropriate, risk-based safeguards and technical direction.
Responsibilities
- Develop and execute security assessment test plans, document and present results
- Design, develop and maintain a comprehensive IDaaS solutions based on the Okta (identity and access management) platform
- Have experience in identity access management, to include single sign on, identity federation, enterprise directory architecture and design, and resource provisioning; Okta preferred.
- Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards
- Work collaboratively and proactively across the organization (e.g., Technical Architects/Leads, Product managers, Digital Media Program Teams, etc.) to support and remediate security gaps
- Review Technical Architecture and Delivery for IDAM and other Client Delivery Platforms
- Responsible to install, integrate and deploy IDAM products in client environments.
- Work with the Identity Access Management team to continue making enhancement to the Identity Access Management program.
- Work closely with development teams to perform User management, group management and Password management requests.
- Create and maintain Identify Access Management metrics.
- Document various system access for all Users to store in a centralized repository (CMBD)
- Support efforts regarding audit findings, adherence to compliance and organizational change.
- Responsible for working to resolve Okta system issues escalated within the service level agreement.
- Ability to create, and modify CONOPS, and Standard Operating Procedure documents
- Stay connected to emerging technologies/industry trends and apply them into operations and activities
Requirements
- 5+ years in large, international, Information Security teams
- 5+ years working with Identity and Access Management platforms
- Must be fluent in English, and if possible French and/or Polish
- Broad knowledge of IT Security technologies, process, and techniques and a strong understanding of application security leading practices including OWASP and CWE.
- Experience deploying cybersecurity solutions in a public cloud environment (IaaS, PaaS, SaaS)
- Experience working with Agile development/Scrum methodologies, and incorporation of security requirements into SDLC (CI/CD) with product owners/managers
- Familiarity with HTML/CSS, JavaScript and UI/UX design and software quality assurance principles
- Excellent knowledge of software and application design and architecture
- Strong Knowledge of TCP/IP, DNS, HTTP, HTTPS, VPN, SQL and other database technologies
- Experience with Unix/Linux and Windows operating systems in an Active Directory environment
- Experience with endpoint security and SIEM technologies, e.g., Carbon Black, QRadar
- Experience working in large global environments
- Excellent communication and presentation abilities with great attention to detail
- CISSP, CEH, GWEB, CWAPT, CASS, SCADA, CCSP, CSSLP, CISSP-ISSAP or OSCP certifications are highly desired