Sr. Analyst-Appsec Remediation
United States - New York - New York
Aug. 03, 2020
Company OverviewWarnerMedia is a leading media and entertainment company that creates and distributes premium and popular content from a diverse array of talented storytellers and journalists to global audiences through its consumer brands including: HBO, HBO Max, Warner Bros., TNT, TBS, truTV, CNN, DC Entertainment, New Line, Cartoon Network, Adult Swim, Turner Classic Movies and others.
Opportunity OverviewThe Team
45 years ago, we changed the face of television, and we continue that today by building and delivering next-generation entertainment and technology solutions across the globe. Our innovations impact advertising, data management, information security, content creation and delivery, business operations, broadcasting and ultimately, the fan experience.
As a technologist at WarnerMedia, you will work at the intersection of art and science. You’ll work for brands that inform and entertain the world including [adult swim], Bleacher Report, Boomerang, Cartoon Network, CNN, ELEAGUE, Great Big Story, HLN, iStreamPlanet, TBS, Turner Classic Movies (TCM), TNT, truTV and Turner Sports- which includes the NBA, NCAA March Madness, Major League Baseball and the UEFA Champions League. You’ll be part of a company that enables community and belonging by creating content that connects with fans when, how and where they want it.
Sr. AppSec Analyst leads web application security remediation initiatives for the WarnerMedia Cybersecurity Office and serves as an active member of teams that define the application security strategy. A combination of technical acumen and creative thinking is necessary to address matters of threat identification and mitigation. Unlike other security organizations, a consultative and collaborative mindset is of paramount importance.
The successful individual will:
- Serve as a subject matter expert for all matters relating to remediation of web application security vulnerabilities and container security vulnerabilities
- Leverage a combination of tools such as static analysis (SAST), dynamic analysis (DAST), container registry scanners to identify web application vulnerabilities, vulnerable dependencies, and vulnerabilities within source code
- Consult with various development teams to facilitate the closure of web application vulnerabilities
- Own the remediation of security vulnerabilities identified through bug bounty programs.
- Stay apprised of security risks with Content Management Systems such as Drupal, Wordpress, and in-house developed CMS.
- Develop capabilities necessary to monitor and detect web application attacks using web application firewalls, security scripts, tools, and services
- Understands vulnerabilities at an application, database, operating system and network level
- Provide technical input to security risk assessments
- Lead multiple complex projects and initiatives and use discretion when negotiating priorities
- At least 3 years’ experience in web application space with a minimum 2 years information security experience.
- 1 year experience with identifying vulnerabilities associated with the OWASP Top 10.
- Must have experience working with Information Security programs.
- Must have experience with security vulnerability scanners and application scanners (Burp, ZAP, IBM AppScan, Whitehat).
- Demonstrated ability to successfully perform analysis, support, training, reporting, testing, and project management across multiple, complex system implementations with custom and third-party applications
- Advanced problem solving and analytical skills