Application Security Engineer

About the job

Overview

As Discovery’s portfolio continues to grow – around the world and across platforms – the Global Technology &

Operations team is building media technology and IT systems that meet the world-class standard for which

Discovery is known. Implements and maintains the business systems and technology that are critical for

delivering Discovery’s products, while articulating the long-term technology strategy that will enable

Discovery’s growing pay-TV, digital terrestrial, free-to-air and online services to reach more audiences on more

platforms.

Within our Information Security team, there has never been a busier or more urgent time to obtain the best

talent we can for a function so critical to Discovery. In light of the constant threats and attacks occurring in

companies across the globe, and across all industries, the Information Security Team at Discovery is a growing

group of cyber security professionals, that are using the latest tools and resources to protect the assets

from our internal infrastructure to the shows we broadcast across the globe on Discovery Channel, Animal

Planet, Discovery ID, TLC, EuroSport and more. From the US to Singapore, India to LA, we are tasked with

protecting, training, and implementing the best of the best in tools, resources, monitoring, threat detection,

and more.

The Role

As an Application Security Engineer, you will work on a cross-functional Product Security team supporting

Discovery’s Information Security and Direct-to-Consumer (DTC) organizations. This is a key role within the

Information Security organization that will be focused on application security for our streaming media service

and other supporting applications. The Application Security Engineer will be a valued partner to development

and engineering teams to ensure secure architectures, patterns, and solutions are created and maintained.

This person will work closely with Discovery’s DTC product teams and will build a community of practice with

developers within DTC to support effective communication and collaboration. This person will be the subject

matter expert for secure code development and will work with various application engineering teams to

develop alternatives for remediation of vulnerabilities.

If you:

  • are passionate about web and mobile application security
  • want to work in an international, face-paced company
  • want to learn how to secure consumer-facing applications
  • would like to be a part of an experienced team of practitioners open to sharing their knowledge
  • want to learn how to implement security into SDLC (CI\CD)
  • want to have a visible impact on the security of a large suite of products

Join us!

Responsibilities

  • Be creative and solve problems with solutions that can scale
  • Run, maintain, and utilize security tools for the Appsec program
  • Review and contribute to application designs and solutions
  • Collaborate with development teams to ensure secure coding best practices are followed
  • Assist with code reviews
  • Perform security and risk assessments for consumer-facing applications and services
  • Identify and define application security requirements and security baselines
  • Work collaboratively and proactively across the organization with Product Teams on Application Security initiatives
  • Communicate Findings/Remediation Guidance/Security Design Patterns to development teams
  • Maintain knowledge of current and emerging secure application technologies/products/trends
  • Actively and continuously share role-specific knowledge with team members and product teams

Qualifications

  • 3+ years of experience with application security/penetration testing work
  • Experience in application security principles and best practices
  • Experience driving application security requirements/analysis at all stages of the Software Development Lifecycle
  • Experience using common application security testing tools and techniques to perform security assessments across web/mobile/API technologies
  • Experience identifying security issues, assessing risk, and providing remediation guidance
  • Experience with application security tools like Burp Suite and ZAP
  • Experience working with Agile development/Scrum teams
  • Experience in practical threat modeling for consumer applications
  • Understands industry AppSec standards such as OWASP Application Security Verification Standard (ASVS) and OAuth2

Preferred Qualifications:

  • Experience utilizing GitHub product features, such as GitHub Actions and Supply Chain Security
  • Experience using CodeQL
  • Experience automating AppSec tooling and data collection using scripting languages
  • Knowledge of API security architecture and technologies
  • Knowledge of cloud architecture and security principles
  • Bachelor’s degree in IT, Computer Science, or Information Security preferred.
  • GPEN, GXPN, GMOB, CSSLP, or other similar Security Certifications

More Information

Apply for this job

Leave your thoughts

Share this job