Product Security Engineer

Welcome to Warner Bros. Discovery… the stuff dreams are made of.

Who We Are…

When we say, “the stuff dreams are made of,” we’re not just referring to the world of wizards, dragons and superheroes, or even to the wonders of Planet Earth. Behind WBD’s vast portfolio of iconic content and beloved brands, are the storytellers bringing our characters to life, the creators bringing them to your living rooms and the dreamers creating what’s next…

From brilliant creatives, to technology trailblazers, across the globe, WBD offers career defining opportunities, thoughtfully curated benefits, and the tools to explore and grow into your best selves. Here you are supported, here you are celebrated, here you can thrive.

Product Security Engineer will work within Warner Bros. Discovery’s Global Information and Content Securityteam and cooperate with Direct to Consumer (DTC) teams on initiatives to design and deploy appropriate, risk-based application security safeguards and technical application security controls to protect data, services, and technology assets of Warner Bros. Discovery's products. The role will focus on application security for our streaming media service and other supporting applications. This Product Security Engineer will work closely with development and engineering teams to ensure secure architectures, patterns, and solutions are created and maintained. The person taking this position will strive to become a subject matter expert on product security and secure code development, gaining experience through communication and collaboration with various application engineering teams to facilitate the improvement of the existing SSDLC process within the organization.

If you:

• are passionate about web and mobile application security

• want to work in an international, fast-paced company

• want to learn how to secure applications and infrastructure in the cloud

• would like to be a part of an experienced team of practitioners opened to sharing their knowledge

• want to learn how to build security into SDLC (CI/CD)

• want to have impact on the security of a large suite of products

Join us!

Responsibilities:

• Review technical architecture and delivery for web and other client delivery platforms.

• Review current system security measures and recommend or implement enhancements.

• Review and contribute to application designs and solutions.

• Identify and define application security requirements and security baselines.

• Support application security team with static and dynamic code analysis.

• Perform manual and automated penetration tests and retests of web and mobile applications.

• Review developers’ code, provide feedback and perform security assessments for consumer-facing applications, services and future technology.

• Triage risk of identified vulnerabilities and findings.

• Work with external penetration testers, oversee ongoing pentests and exercises, work with application engineering teams on remediation of found vulnerabilities.

• Participate (as a subject matter expert) in information security operations duties, including occasional incident response escalations.

• Evaluate, deploy and support application security technologies, processes and workflows on multiple platforms (server, client, mobile, tablet etc.).

• Work collaboratively and proactively across the organization (e.g., Technical Architects, Engineering Leads, Product Owners etc.) to support and remediate security gaps.

Requirements

• 3+ years of product/application security work experience.

• Knowledge of common security principles for web application architectures.

• Knowledge of practical threat modeling for consumer applications.

• Experience in code reviews, business logic assessment, and application security testing.

• Solid understanding of security protocols, cryptography, data security, networking, access control, client and server-side protections.

• Broad knowledge of security technologies, processes, and techniques and a strong understanding of application security leading practices including OWASP and CWE.

• Familiarity with HTML/CSS, JavaScript and UI/UX design and software quality assurance principles.

• Hands-on experience working with DevOps and Agile driven product teams.

• Familiarity with application security tools like BurpSuite Pro, SAST/DAST, nmap, Metasploit, and Kali Linux.

• Experience in secure software development principles in various languages (Java, Go, JavaScript, Python etc.).

• Excellent communication and presentation abilities with great attention to detail.

• Demonstrated ability to explain risks and vulnerabilities to both technical and non-technical audiences.

• Languages: Fluent English and Polish.

• Preferred Qualifications

• Bachelor’s degree in Computer Science or Information Security preferred.

• Knowledge of cloud security principles.

• Experience in application/tool development with at least one modern programming language.

Please be informed that we will consider applications only in English version.

We offer

• Contract of employment

• Hybrid work model (3 days from the office, 2 days from home)

• Free access to Max

• Benefit package: private medical health care, life insurance, MyBenefit cafeteria including sport card, social funds, retirement pension plans, recognition platform, employee referral program

• Work-life balance initiatives: wellbeing platform, yoga, educational webinars, Employee Assistance Program, internal media initiatives

• Training & development: sharing the cost of English lessons, Employee Resource Groups, Bridge learning platform, sharing sessions with experts

• CSR activities: volunteering, eco & social initiatives

• Casual dress code

• Parking available for booking

#LI-Hybrid 

How We Get Things Done…

This last bit is probably the most important! Here at WBD, our guiding principles are the core values by which we operate and are central to how we get things done. You can find them at www.wbd.com/guiding-principles/  along with some insights from the team on what they mean and how they show up in their day to day. We hope they resonate with you and look forward to discussing them during your interview.

Championing Inclusion at WBD

Warner Bros. Discovery embraces the opportunity to build a workforce that reflects the diversity of our society and the world around us. Being an equal opportunity employer means that we take seriously our responsibility to consider qualified candidates on the basis of merit, regardless of sex, gender identity, ethnicity, age, sexual orientation, religion or belief, marital status, pregnancy, parenthood, disability or any other category protected by law.

If you’re a qualified candidate and you require adjustments or accommodations to search for a job opening or apply for a position, please contact us at recruitadmin@wbd.com.