Info Security Incident Responder
Warsaw, 166 Wiertnicza (TVN), Poland
Warner Bros. Discovery
Warner Bros. Discovery offers exciting and rewarding career opportunities across a multitude of disciplines. Join us as we step into the next chapter.
Welcome to Warner Bros. Discovery… the stuff dreams are made of.
Who We Are…
When we say, “the stuff dreams are made of,” we’re not just referring to the world of wizards, dragons and superheroes, or even to the wonders of Planet Earth. Behind WBD’s vast portfolio of iconic content and beloved brands, are the storytellers bringing our characters to life, the creators bringing them to your living rooms and the dreamers creating what’s next…
From brilliant creatives, to technology trailblazers, across the globe, WBD offers career defining opportunities, thoughtfully curated benefits, and the tools to explore and grow into your best selves. Here you are supported, here you are celebrated, here you can thrive.
Your New Role:
As a Security Incident Responder, you will be an elite member of the global Discovery InfoSec Cybersecurity Incidents Response Team. You will be leading the incident response investigations for Discovery’s internal customers, setting the world-class standards for professionalism, seniority, leadership, ownership and oversight.
You will work closely with fellow colleagues: InfoSec Incident Responders, Threat Intelligence and Threat Detection Experts, Security Threat Analysts and SOAR, SIEM, NDR and EDR Security Engineering leaders to take the visibility, protection and response capabilities continuously to the next level.
You will have tactical ownership of our global Managed Detection and Response SOC Provider, steering their efforts in the most desired direction, to enhance our abilities to respond to modern cybersecurity threats.
You will report directly to the Senior Director, Cybersecurity Incident Response within the Discovery InfoSec organization.
This role includes participation in a rotational on-call schedule for critical incident response outside regular business hours. Flexibility and readiness to support high-priority incidents are expected as part of our global cybersecurity operations.
Your Role Accountabilities:
● Lead, steer and oversee the technical response to advanced cyber security incidents, when triaged, investigated and escalated by the global SOC
● Act as the highest level of technical escalation for security incidents identified by Managed SOC Provider Analysts and Incident Responders
● Establish priority and urgency on a wide spectrum of potential incidents and advise the appropriate response
● Conduct investigations on infrastructure through forensic analysis to identify Indicators of Compromise (IoCs)
● Lead the Intelligence-Driven Hypothesis-Based Threat Hunting initiative and cultivate the hunt lifecycle across our massive global IT estate
● Advise on the development of SOC runbooks and procedures through constant feedback and iterative improvement
● Advise on the automation and orchestration playbooks, working closely with our InfoSec SOAR and ITSM Engineering
● Advise on the security data collection and analytics, working closely with our InfoSec Platform Engineering and Architecture, SIEM, NDR and EDR included
● Advise on Threat Detection and Threat Intelligence strategy to ensure a comprehensive and relevant coverage across the MITRE ATT&CK Matrix and potential threat actors targeting the Company
● Collaborate with and advise the Business Owners to contain and resolve security incidents within broad IT domains across the Company
● Advise on the security posture improvements within the post-incident activities to take our cyber resiliency to the next level
● Maintain incident reporting and communication strategy with senior InfoSec and Company Business Leadership
Qualifications & Experience:
We are looking for a “full package” seasoned Security Incident Response professional, with a demonstrated track record in the industry. Thus, we expect you to have a broad experience in analyzing, triaging, scoping, containing, providing guidance for remediation, and determining the root cause of cybersecurity incidents.
We expect intimate familiarity with the craft of collecting and analyzing security incident related data to identify indicators of attack and compromise.
An ideal Candidate would have a passion for learning new technologies, collaborating with other experts to find solutions, and have a calm and positive attitude with a sense of humor in the never-ending battle against the evolving threats.
● 4-6 years of experience with increasing responsibilities within Security Operations Center / CERT / CIRT / CSIRT / MDR environments
● Comfortable familiarity with all aspects of the modern Incident Response lifecycle
● Good understanding of the threats faced by direct to consumer and digital platform organizations
● Hands-on technical experience with application security topics such as the OWASP top 10
● Hands-on technical experience with SIEM & logging tools (Splunk, Kibana, QRadar) and the ability to extract actionable intelligence from large volume aggregated log storage
● Hands-on technical experience with SOAR Platforms and the concepts of runbooks and automation
● Knowledge and appreciation of MITRE ATT&CK Matrix and its practical applications
● Solid knowledge of TCP/IP networking and protocols
● Hands-on technical experience with public cloud infrastructure and concepts, specifically cloud-native security tools
● Working knowledge of network and content security systems such as NGFW, Proxy, Email Security, Routing and Switching
● Familiarity with Identity Access Management and SSO brokers
● Hands-on technical experience with open source and commercial proprietary threat intel tools for intelligence gathering
● SANS GIAC Incident Response certifications (GSEC, GCIH, GCIA, GCFA, GREM) are a substantial plus
● Other high-end cybersecurity and IT certifications are a plus
● Solid time management and organizational skills
● Solid communication and presentation skills
What's in it for you:
● contract of employment
● hybrid work
● benefits package: private medical care, life and accident insurance, MyBenefit cafeteria platform, sports card, social fund, retirement pension plan, Employee Referral Program
● free access to the HBO Max platform
● work-life balance initiatives: well-being platform, yoga, massages, educational webinars, Employee Support Program, film screenings organized by employees in the office cinema
● training and development: training platform, co-financing of English lessons, Employee Resource Groups, Engagement Club - the opportunity to develop your interests in thematic employee groups, online meetings with experts
● CSR activities: volunteering, ecological and social initiatives
● access to parking space
Hybrid Working - This role is advertised as a Hybrid work model, that combines remote and in-office work, following our current company policy and to be agreed with your Line Manager. Subject to any applicable laws, WBD / your Line Manager reserves the right to change this working agreement where this is essential to business needs and upon reasonable notice to you.
How We Get Things Done…
This last bit is probably the most important! Here at WBD, our guiding principles are the core values by which we operate and are central to how we get things done. You can find them at www.wbd.com/guiding-principles/ along with some insights from the team on what they mean and how they show up in their day to day. We hope they resonate with you and look forward to discussing them during your interview.
Championing Inclusion at WBD
Warner Bros. Discovery embraces the opportunity to build a workforce that reflects a wide array of perspectives, backgrounds and experiences. Being an equal opportunity employer means that we take seriously our responsibility to consider qualified candidates on the basis of merit, regardless of sex, gender identity, ethnicity, age, sexual orientation, religion or belief, marital status, pregnancy, parenthood, disability or any other category protected by law.
If you’re a qualified candidate with a disability and you require adjustments or accommodations during the job application and/or recruitment process, please visit our accessibility page for instructions to submit your request.