Welcome to Warner Bros. Discovery… the stuff dreams are made of.
Who We Are…
When we say, “the stuff dreams are made of,” we’re not just referring to the world of wizards, dragons and superheroes, or even to the wonders of Planet Earth. Behind WBD’s vast portfolio of iconic content and beloved brands, are the storytellers bringing our characters to life, the creators bringing them to your living rooms and the dreamers creating what’s next…
From brilliant creatives, to technology trailblazers, across the globe, WBD offers career defining opportunities, thoughtfully curated benefits, and the tools to explore and grow into your best selves. Here you are supported, here you are celebrated, here you can thrive.
As a Senior Security Analyst, you will be an important member of the Warner Bros. Discovery Global Information and Content Security (GICS) team. This is a key role that will support Bug Bounty program and Attack Surface Management program, as part of the team within Application Security.
This role will triage vulnerability reports submitted to our Bug Bounty program and Attack Surface Management program. This role will work closely with other functions in the Application Security team (Engineering, Testing, and Vulnerability Management) to improve the overall security posture of Warner Bros. Discovery.
Job Responsibilities
Support GICS Bug Bounty and Attack Surface Management programs.
Triage vulnerability reports submitted to our Bug Bounty program – this includes tracking and responding to submissions, reproducing and chaining vulnerabilities, coordinating with teams to triage and resolve issues, and providing feedback to security researchers.
Assess vulnerability impact, risk, and escalate possible security incidents.
Managing and maintaining enterprise attack surface management capabilities
Provide actionable remediation feedback for findings and/or long-term risk mitigation guidance
Provide clear communication on the issue to application owners and verify the efficacy of vulnerability remediations.
Share learnings from the bug bounty program with adjacent security teams within the company as needed.
Leverage learnings from the program to identify vulnerabilities in software applications and software designing processes to reduce security risks.
Develop tooling to help automate vulnerability discovery and scanning for issues at scale.
Advise application owners on violations of defined application security standards on targets tested for vulnerabilities
Partner with developers to drive improvement in application security as a result of security assessment engagements
Qualifications & Experiences:
Hybrid work environment. Must be based in the WBD's office, minimum three days/week
A bachelor’s degree in computer science, Cybersecurity, or other related fields, from an accredited university or an equivalent professional experience may suffice in lieu of a bachelor’s degree
4+ years of experience in application security testing, code review, bug bounty hunting, or red teaming/capture the flag experience
Experience conducting root cause analysis of vulnerabilities and determining feasible technical solutions
Professional experience with web application security, network security, authN/authZ protocols, cryptography, automation, and other software security
Experience in scripting in Python or other languages to build automation tools
Must be a team player with excellent written and verbal communication skills
Preferred Qualifications:
Exposure to popular Application and API security standards including OWASP ASVS, OWASP Top 10, and OWASP Mobile Top 10.
Prior experience managing or hunting on Bug Bounty programs.
CEH, OSCP or equivalent certification.
Experience working as part of a global team.
How We Get Things Done…
This last bit is probably the most important! Here at WBD, our guiding principles are the core values by which we operate and are central to how we get things done. You can find them at www.wbd.com/guiding-principles/ along with some insights from the team on what they mean and how they show up in their day to day. We hope they resonate with you and look forward to discussing them during your interview.
Championing Inclusion at WBD
If you’re a qualified candidate with a disability and you require adjustments or accommodations during the job application and/or recruitment process, please visit our accessibility page for instructions to submit your request.