Requisition ID 20467
SR. WEB APPLICATION SECURITY DEVELOPER / ARCHITECT – OFFENSIVE CYBER
The Sr. Web Application Security Developer / Architect will work closely with Global Information Security, Discovery’s Broadcast, Digital, and Infrastructure teams to design, deploy appropriate, risk-based security safeguards and technical application security controls.
This position can be based in either New York City, New York or Sterling, Virginia.
1. Evaluate, deploy and support application security technologies, processes and workflows on multiple platforms (e.g., Server/Client, Mobile, Tablet, etc.)
2. Conduct application security risk assessment, analysis, and monitoring as needed
3. Research/communicate emerging cybersecurity threats and zero-day vulnerabilities/exploits
4. Develop and execute security assessment test plans, document and present results to customers
5. Review developers’ codes, provide feedback and perform security and risk assessment for consumer facing applications, services, and future technology
6. Create/make pull requests to review and merge code in Git/GitHub or similar DVCS
7. Monitor and maintain real-time monitoring infrastructure and assessment toolkits as needed
8. Perform design analysis, review, piloting, and selection of security technologies that meet specified application/business requirements
9. Identify and define application security requirements and security baselines for the various classes of assets and environments in use at Discovery or its partners
10. Identify and address Information Security control gaps, abnormal behavior patterns and attack techniques to enhance the security program and safeguard the Discovery environment
11. Work collaboratively and proactively across the organization (e.g., Technical Architects/Leads, Product managers, Digital Media Program (AGILE) Teams, etc.) to support and remediate security gaps
12. Review Technical Architecture and Delivery for Web and other Client Delivery Platforms
13. Understand and recommend security controls for the rapid development of consumer facing prototypes to identify technical options and inform architectural approaches
14. Identify and recommend best-of-breed security stack and controls for interactive consumer experiences across web and mobile devices. (i.e., project, customer, and vendor management skills)
• Ex- NSA/TAO, former penetration testers, or people with significant experience of work in vulnerability research (WEB-app focused).
• 6+ years of cybersecurity architecture and/or application security (appsec, netsec), with a Bachelor’s degree or higher in related field
• Broad knowledge of IT Security technologies, process, and techniques and a strong understanding of application security leading practices including OWASP and CWE.
• Extensive experience in code reviews, business logic assessment, and application security testing
• Experience deploying cybersecurity solutions in a public cloud environment (IaaS, PaaS, SaaS)
• Familiar with application security tools like BurpSuite Pro, SAST, DAST, nmap, Metasploit, and Kali Linux, etc.
• Experience in 3rd-party testing tools such as Veracode, WhiteHat, etc., is preferred
• Experience in secure coding and software development in various languages (C#, .NET, Java etc.)
• Experience working with Agile development/Scrum teams, and enthusiastically incorporate security stories/requirements into SDLC (CI/CD) with product owners/managers
• Excellent knowledge of software and application design and architecture
• Strong Knowledge of TCP/IP, DNS, HTTP, HTTPS, VPN, SQL and other database technologies
• Experience with Unix/Linux and Windows operating systems in an Active Directory environment
• Experience with endpoint security and SIEM technologies such as ESET, Splunk ES, QRadar, etc.
• Experience working in a large government or corporate enterprise environment
• Excellent communication and presentation abilities with great attention to detail
• CISSP, CEH, GWAPT, or OSCP certifications are highly desired
* Must have the legal right to work in the United States