BellevueWARecruiter Since 2001
the smart solution for Bellevue jobs

Director - Product Security

Company: Discovery
Location: Bellevue
Posted on: May 3, 2021

Job Description:

Discovery hires the very best and brightest talent who are enthusiastic and passionate to fulfill the companys mission of empowering people to explore their world and satisfy their curiosity.In exchange for their talent and drive, employees are provided with an engaging, diverse workplace and the resources they need to learn, thrive and grow in their careers.Position Summary The Director - Product Security to work closely with Discoverys Information Security and Direct to Consumer (DTC) teams on initiatives to protect data, services, and technology assets from external threats. To assist development leaders with the design of adequate security controls based on appropriate risk levels. Assist information security team with reviewing business applications and provide guidance on securing direct to consumer applications ensure Discovery is providing adequate security protecting consumer data.This is a key role within the Information Security department that will be focused on application security for our streaming media service and other supporting applications. The Director of Product Security will be a valued partner to development and engineering teams to ensure secure architectures, patterns, and solutions are created and maintained. This person will work closely with Discoverys DTC application teams and will build a community of practice with developers within DTC to support effective communication and collaboration. This person will be the subject matter expert for secure code development and will work with various application engineering teams to develop alternatives for remediation of vulnerabilities.Director will report directly to the VP of Information Security Direct to Consumer, and will work collaboratively and effectively with Global Information Security team, Broadcast and TVN Business Information Security Offices and infrastructure teams to design and deploy appropriate, risk-based safeguards and technical direction. Responsibilities Manage Global Product Security / DevSecOps team, in addition to supporting the U.S. and International Digital organizations.Evaluate, manage and support application security technologies, processes and workflows on multiple platforms (e.g., Server/Client, Mobile, Tablet, etc.)Conduct application security risk assessments, analysis, and monitoring24x7 on-call availability for Information Security Incident Response issues across the globe as it pertains to DTC Business SystemsAbility to manage cyber security risks and threats tied to Discoverys reputation, exposure and regulatory, technology and data complianceDevelop and execute security assessment test plans, document and present resultsReview developers codes, provide feedback and perform security and risk assessment for consumer-facing applications, services, and future technologyPerform design analysis, review, piloting, and selection of security technologies that meet specified application/business requirements, as neededIdentify and define application security requirements and security baselines for the various classes of assets and environments in use at Discovery or its partnersWork collaboratively and proactively across the organization (e.g., Technical Architects/Leads, Product managers, Digital Media Program Teams, etc.) to support and remediate security gapsReview Technical Architecture and Delivery for Web and other Client Delivery PlatformsUnderstand and recommend security controls for the rapid development of consumer-facing prototypes to identify technical options and inform architectural approachesIdentify and recommend best-of-breed security stack and controls for interactive consumer experiences across web and mobile devices. (i.e., project, customer, and vendor management skills)Engage assigned business lines as the central point-of-contactfor information security controls.Ability to make considered effective decisions, come to sensible conclusions, understand situations, and form objective opinions especially in matters that affect action.Work closely with Global Information Security teams, legal counsel (Privacy/Compliance), IT, Broadcast, Digital teamsand Forensics to discuss/communicate incident response findings/analysis/remediation actions and related strategies that best protect the organization and reassure stakeholders.Manage relationships effectively, advocating for business and external customers by engaging in security-related requirements conversations, seeking understanding of control requirements for presenting to IT security solution architectsAdvocate for the companys security initiatives and controls deployment. Stays knowledgeable about the companys technical controlsand advocates for the technical security control needed by assigned business.Promote and evangelize the companys IT and Information Security Policiesand Standards. Advise stakeholders on security deviation control alternatives, such as compensating controls, and leads stakeholders through the policy deviation process.Requirements Must be willing and able to travel up to 25% of the time10+ years experience in managing Information Security global teams10+ years experience in of cybersecurity architecture/engineering, cloud security, and/or application security (Appsec, Netsec), with a bachelors degree or higher in related fieldMust have high judgment and executive communication (verbal/written) skillsStrong experience in handling cyber/operational security incidents tied to various attack vectors and stakeholdersBroad knowledge of IT Security technologies, process, and techniques and a strong understanding of application security leading practices including OWASP and CWE.Extensive experience in secure code reviews, business logic assessment, and application security testingExperience deploying cybersecurity solutions in a public cloud environment (IaaS, PaaS, SaaS)Familiar with application security tools like BurpSuite Pro, SAST, DAST, Nmap, Metasploit, and Kali Linux, etc. (Experience in 3rd-party testing tools such as Veracode, WhiteHat, etc., is also preferred)Experience managing secure coding and software deployment in a variety of current languages (e.g. Python, Node.js, C#, .NET, JavaScript, Go, Ruby, PowerShell, Bash, Scala, SDK and RESTful API design/development).Experience working with Agile development/Scrum methodologies, and incorporation of security requirements into SDLC (CI/CD) with product owners/managersFamiliarity with HTML/CSS, JavaScript and UI/UX design and software quality assurance principlesExcellent knowledge of software and application design and architectureStrong Knowledge of TCP/IP, DNS, HTTP, HTTPS, VPN, SQL and other database technologiesExperience with Unix/Linux and Windows operating systems in an Active Directory environmentExperience with endpoint security and SIEM technologies, e.g., Carbon Black, QRadarExperience working in large global environmentsExcellent communication and presentation abilities with great attention to detailCISSP, CEH, GWEB, CWAPT, CASS, SCADA, CCSP, CSSLP, CISSP-ISSAP or OSCP certifications are highly desiredDiscovery Communications, Inc. is an equal opportunity employer. Discovery is committed to being an employer of choice, not just a good place to work, but a great and inclusive place to work. To that end, we strive to recruit and maintain a workforce that meaningfully represents the diverse and culturally rich communities that we serve. Qualified applicants will receive consideration for employment without regard to their race, color, religion, national origin, sex, sexual orientation, gender identity, protected veteran status or disabled status or, genetic information.We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including but not limited to all local Fair Chance Ordinances.EEO is the LawPay Transparency Policy StatementCalifornia Job Applicant Privacy PolicyIf you are an individual with a disability and need an accommodation during the application process, please send an email request to .

Keywords: Discovery, Bellevue , Director - Product Security, Other , Bellevue, Washington

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category

Log In or Create An Account

Get the latest Washington jobs by following @recnetWA on Twitter!

Bellevue RSS job feeds