Sr. Analyst-Appsec Remediation



Position Type

Full Time


Technology/Information Technology


United States - New York - New York

Posted Date

Aug. 03, 2020

Req Number


Company Overview

WarnerMedia is a leading media and entertainment company that creates and distributes premium and popular content from a diverse array of talented storytellers and journalists to global audiences through its consumer brands including: HBO, HBO Max, Warner Bros., TNT, TBS, truTV, CNN, DC Entertainment, New Line, Cartoon Network, Adult Swim, Turner Classic Movies and others.

Opportunity Overview

The Team
45 years ago, we changed the face of television, and we continue that today by building and delivering next-generation entertainment and technology solutions across the globe. Our innovations impact advertising, data management, information security, content creation and delivery, business operations, broadcasting and ultimately, the fan experience.

As a technologist at WarnerMedia, you will work at the intersection of art and science. You’ll work for brands that inform and entertain the world including [adult swim], Bleacher Report, Boomerang, Cartoon Network, CNN, ELEAGUE, Great Big Story, HLN, iStreamPlanet, TBS, Turner Classic Movies (TCM), TNT, truTV and Turner Sports- which includes the NBA, NCAA March Madness, Major League Baseball and the UEFA Champions League. You’ll be part of a company that enables community and belonging by creating content that connects with fans when, how and where they want it.

The Job
Sr. AppSec Analyst leads web application security remediation initiatives for the WarnerMedia Cybersecurity Office and serves as an active member of teams that define the application security strategy. A combination of technical acumen and creative thinking is necessary to address matters of threat identification and mitigation. Unlike other security organizations, a consultative and collaborative mindset is of paramount importance.

The Daily
The successful individual will:
  • Serve as a subject matter expert for all matters relating to remediation of web application security vulnerabilities and container security vulnerabilities
  • Leverage a combination of tools such as static analysis (SAST), dynamic analysis (DAST), container registry scanners to identify web application vulnerabilities, vulnerable dependencies, and vulnerabilities within source code
  • Consult with various development teams to facilitate the closure of web application vulnerabilities
  • Own the remediation of security vulnerabilities identified through bug bounty programs.
  • Stay apprised of security risks associated with frameworks such as PHP, Java, JavaScript, Ruby on Rails, and .NET
  • Stay apprised of security risks with Content Management Systems such as Drupal, Wordpress, and in-house developed CMS.
  • Develop capabilities necessary to monitor and detect web application attacks using web application firewalls, security scripts, tools, and services
  • Understands vulnerabilities at an application, database, operating system and network level
  • Provide technical input to security risk assessments
  • Lead multiple complex projects and initiatives and use discretion when negotiating priorities

The Essentials
  • At least 3 years’ experience in web application space with a minimum 2 years information security experience.
  • 1 year experience with identifying vulnerabilities associated with the OWASP Top 10.
  • Must have experience working with Information Security programs.
  • Must have experience with security vulnerability scanners and application scanners (Burp, ZAP, IBM AppScan, Whitehat).
  • Demonstrated ability to successfully perform analysis, support, training, reporting, testing, and project management across multiple, complex system implementations with custom and third-party applications
  • Advanced problem solving and analytical skills

The Perks
Warner Media, LLC and its subsidiaries are equal opportunity employers. Qualified candidates will receive consideration for employment without regard to race, color, religion, national origin, gender, sexual orientation, gender identity or expression, age, mental or physical disability, and genetic information, marital status, citizenship status, military status, protected veteran status or any other category protected by law.