Director - Application Security
Bellevue, WA

About

Job Description

Position Summary

The Sr. Web Application Security Developer/Architect will work closely with Global Information Security and Discovery's Broadcast, Digital, and Infrastructure teams to design and deploy appropriate, risk-based security safeguards and technical application security controls.

Responsibilities

1. Evaluate, deploy and support application security technologies, processes and workflows on multiple platforms (e.g., Server/Client, Mobile, Tablet, etc.)
2. Conduct application security risk assessment, analysis, and monitoring as needed
3. Research/communicate emerging cybersecurity threats and zero-day vulnerabilities/exploits
4. Develop and execute security assessment test plans, document and present results to customers
5. Review developers' code, provide feedback and perform security and risk assessment for consumer facing applications, services, and future technology
6. Create/make pull requests to review and merge code in Git/GitHub or similar DVCS
7. Monitor and maintain real-time monitoring infrastructure and assessment toolkits as needed
8. Perform design analysis, review, piloting, and selection of security technologies that meet specified application/business requirements
9. Identify and define application security requirements and security baselines for the various classes of assets and environments in use at Discovery or its partners
10. Identify and address Information Security control gaps, abnormal behavior patterns and attack techniques to enhance the security program and safeguard the Discovery environment
11. Work collaboratively and proactively across the organization (e.g., Technical Architects/Leads, Product managers, Digital Media Program (AGILE) Teams, etc.) to support and remediate security gaps
12. Review Technical Architecture and Delivery for Web and other Client Delivery Platforms
13. Understand and recommend security controls for the rapid development of consumer facing prototypes to identify technical options and inform architectural approaches
14. Identify and recommend best-of-breed security stack and controls for interactive consumer experiences across web and mobile devices. (i.e., project, customer, and vendor management skills)

Requirements

* Ex-NSA/TAO, former penetration testers, or people with significant experience of work in vulnerability research (WEB-app focused).
* 6+ years of cybersecurity architecture and/or application security (appsec, netsec), with a Bachelor's degree or higher in related field
* Broad knowledge of IT Security technologies, process, and techniques and a strong understanding of application security leading practices including OWASP and CWE.
* Extensive experience in code reviews, business logic assessment, and application security testing
* Experience deploying cybersecurity solutions in a public cloud environment (IaaS, PaaS, SaaS)
* Familiar with application security tools like BurpSuite Pro, SAST, DAST, nmap, Metasploit, and Kali Linux, etc.
* Experience in 3rd-party testing tools such as Veracode, WhiteHat, etc., is preferred
* Experience working with and coding in Python, Node.js, JavaScript, Go, Ruby, PowerShell, Bash, and Scala. (SDK and RESTful API design/development is preferred)
* Experience in secure coding and software development in various languages (C#, .NET, Java etc.)
* Experience working with Agile development/Scrum teams, and enthusiastically incorporate security stories/requirements into SDLC (CI/CD) with product owners/managers
* Familiarity with HTML/CSS, JavaScript and UI/UX design and software quality assurance principles
* Excellent knowledge of software and application design and architecture
* Strong Knowledge of TCP/IP, DNS, HTTP, HTTPS, VPN, SQL and other database technologies
* Experience with Unix/Linux and Windows operating systems in an Active Directory environment
* Experience with endpoint security and SIEM technologies such as ESET, Splunk ES, QRadar, etc. Experience working in a large government or corporate enterprise environment
* Excellent communication and presentation abilities with great attention to detail
* CISSP, CEH, GWAPT, or OSCP certifications are highly desired
* Must have the legal right to work in the United States

Bellevue, Washington, Seattle, WA
