Every great story has a new beginning, and yours starts here.
Welcome to Warner Bros. Discovery... the stuff dreams are made of.
Who We Are...
When we say, "the stuff dreams are made of," we're not just referring to the world of wizards, dragons and superheroes, or even to the wonders of Planet Earth. Behind WBD's vast portfolio of iconic content and beloved brands, are the storytellers bringing our characters to life, the creators bringing them to your living rooms and the dreamers creating what's next...
From brilliant creatives, to technology trailblazers, across the globe, WBD offers career defining opportunities, thoughtfully curated benefits, and the tools to explore and grow into your best selves. Here you are supported, here you are celebrated, here you can thrive.
Your New Role...
The Director of Cloud Security Operations & Vulnerability Management will lead the evolution of a best-in-class cloud security operations program at Warner Bros. Discovery (WBD). Leveraging your significant experience in information security, cloud architecture and engineering, vulnerability management, and DevSecOps practices, you will be expected to broaden and sharpen our capability to manage the incoming security engineering needs while rapidly surfacing, driving down, and reporting on vulnerabilities across our AWS, GCP, and Azure environments.
Your Role Accountabilities...
• Lead and mentor teams of cloud security professionals providing technical guidance and support to ensure their success in WBD's InfoSec department.
• Act as a highly technical cloud security and pipeline automation subject matter expert.
• Lead, expand, and modernize WBD's Cloud Vulnerability Management program.
Research, innovate, and design cloud first security solutions.Identify opportunities to reduce cloud security risk for WBD and lead the team in implementation of those solutions.Collaborate with senior management and department leaders to assess near- and long-term cloud security needs and report on progress of vulnerability remediations.Lead partnerships with external DevOps and SRE teams to consult on secure cloud development practices and develop artifacts to help them integrate cloud security automation into their pipelines.Create, maintain, and present documentation as it relates to cloud security operation's designs/configurations, processes, standards, and recommendations.Provide guidance for security remediation to business and IT partners by demonstrating real, practical risk and value.Maintain an awareness of cloud-costs and the cost implications of the security controls implemented.Interface with Public Cloud providers to improve the security feature set of their products.Interface with cloud security vendors to evaluate features and determine proof-of-value.Staying current with the latest cloud threat mitigation tools and techniques.
Qualifications & Experience...
Bachelor's or master's degree in computer science, Information Security, or related field. required.10+ years of experience in the Information Security space.4+ years of experience directly leading technical teams in an Agile environment.2+ years of experience in threat assessment and reporting security posture to leadership.Strong understanding of cloud-based infrastructure components with specific understanding of security risks presented in decentralized and hybrid environments.Comfortable automating processes start to finish and can work closely with internal architecture and external product teams.Demonstrated knowledge of OWASP and SANS testing methodologiesSuperior analytical and problem-solving skills.Excellent written and verbal communication skills; strong attention to detail.Strong executive reporting and narrative based presentation skills.Hands-on experience with some of the following:Docker and Kubernetes Developing & securing Serverless applicationsSecurity administration in AWS/GCP/Azure CI/CD and DevOps Tooling (Git, Jenkins, CircleCI)Infrastructure as Code tools (CloudFormation, Terraform)Command Line experience (Bash, Powershell, AWS-CLI)Cloud native security related tools (AWS Guard Duty, AWS WAF, GCP Security Center)Cloud Network (VPC) engineeringRemains productive while rapidly switching context.Thirst for knowledge and constantly driven to stay current with evolving threat landscapes.
The Nice to Haves
Certifications in related areas (e.g. SANS GPEN/GWAPT/GXPN, OSCP, CEH) are a plusAWS Certifications - AWS Solutions Architect (Associate), AWS Security SpecialtyGCP Certifications - Associate Cloud Engineer, Professional Security EngineerSecurity Engineer Certifications - CISSP, CompTIA Security+Proficient in at least one scripting language (Python, Nodejs, Golang)Core understanding of IP Networking, routing, VPNs.Some visualization tool knowledge (i.e. Tableau, Power BI)Familiarity with tools such as Wiz, Qualys, Splunk, AlertLogic, Burp, nmap, Metasploit, etc.
How We Get Things Done...
This last bit is probably the most important! Here at WBD, our guiding principles are the core values by which we operate and are central to how we get things done. You can find them at www.wbd.com/guiding-principles/ along with some insights from the team on what they mean and how they show up in their day to day. We hope they resonate with you and look forward to discussing them during your interview.
The Legal Bits...
Warner Bros. Discovery embraces the opportunity to build a workforce that reflects the diversity of our society and the world around us. Being an equal opportunity employer means that we take seriously our responsibility to consider qualified candidates on the basis of merit, without regard to race, color, religion, national origin, gender, sexual orientation, gender identity or expression, age, mental or physical disability, and genetic information, marital status, citizenship status, military status, protected veteran status or any other category protected by law.
If you're a qualified candidate with a disability and you need a reasonable accommodation in order to apply for this position, please contact us at [email protected].