22 days old

Sr Application Security Engineer

Discovery Inc
New York, NY 10001
Apply Now
Apply on the Company Site
  • Job Code
Discovery Inc

Location: New York, New York, United States,
Req ID: 12443


As Discoverys portfolio continues to grow around the world and across platforms the Global Technology & Operations team is building media technology and IT systems that meet the world-class standard for which Discovery is known. Implements and maintains the business systems and technology that are critical for delivering Discoverys products, while articulating the long-term technology strategy that will enable Discoverys growing pay-TV, digital terrestrial, free-to-air and online services to reach more audiences on more platforms.

There has never been a busier or more urgent time within our Information Security team to obtain the best talent we can for a function so critical to Discovery. In light of the constant threats and attacks occurring in companies across the globe, and across all industries, the Information Security Team at Discovery is a growing group of cybersecurity professionals, that are using the latest tools and resources to protect the assets from our internal infrastructure to the shows we broadcast across the globe on Discovery Channel, Animal Planet, Discovery ID, TLC, EuroSport and more. From the US to Singapore, India to LA, we are tasked with protecting, training, and implementing the best of the best in tools, resources, monitoring, threat detection, and more.

The Application Security Engineer will work closely with Discoverys Information Security and Direct-to-Consumer (DTC) teams on initiatives to protect data, services, and technology assets and design and deploy appropriate, risk-based application security safeguards and technical application security controls.

This is a key role within the Information Security organization that will be focused on application security for our streaming media service and other supporting applications. The Application Security Engineer will be a valued partner to development and engineering teams to ensure secure architectures, patterns, and solutions are created and maintained. This person will work closely with Discoverys DTC application teams and will build a community of practice with developers within DTC to support effective communication and collaboration. This person will be the subject matter expert for secure code development and will work with various application engineering teams to develop alternatives for the remediation of vulnerabilities.

If you:
  • are passionate about web and mobile application security
  • want to work in an international, face-paced company
  • want to learn how to secure consumer-facing applications
  • would like to be a part of an experienced team of practitioners opened to sharing their knowledge
  • want to learn how to implement security into SDLC (CI\CD)
  • want to have a visible impact on the security of a large suite of products

Join us!


  • Be creative and solve problems with solutions that can scale
  • Run, maintain, and utilize security tools for the Appsec program
  • Own Application Security engagements with Product Teams across their SDLC
  • Lead security code reviews and contribute to application designs and solutions
  • Collaborate with development teams to ensure secure coding best practices are followed
  • Perform security and risk assessments for consumer-facing applications and services
  • Identify and define application security requirements and security baselines
  • Work collaboratively and proactively across the organization with Product Teams on Application Security initiatives
  • Communicate Findings/Remediation Guidance/Security Design Patterns to development teams
  • Maintain knowledge of current and emerging secure application technologies/products/trends
  • Actively and continuously present/train role-specific knowledge with team members and product teams


  • 6+ years of experience with application security/penetration testing work
  • Subject matter expert on common security risks in web/mobile applications and web APIs
  • Solid understanding of security protocols, cryptography, authentication, authorization
  • Extensive hands-on experience with;
    • code reviews, business logic assessments, and application security testing
    • application security tools like Burp Suite, ZAP, or MobSF
    • practical threat modeling for consumer applications
    • testing methods such as SAST/DAST/IAST
    • CI Systems such as Jenkins
  • Experience in;
    • secure coding and software development in various languages (Java, Go, JavaScript, Python, etc.)
    • working with Agile development/Scrum teams
    • incorporating security requirements into a SDLC
    • building and deploying solutions with modern programming languages in a cloud environment
    • building mobile applications
  • Understanding of DevOps practices
  • Broad knowledge of IT Security technologies, processes, and techniques and a strong understanding of application security practices.
  • Bachelors degree in IT, Computer Science, or Information Security preferred
  • Knowledge of cloud security principles
  • Knowledge of GitHubs Security features
  • GPEN, GXPN, GMOB, CSSLP, or other similar Security Certifications


Posted: 2021-09-03 Expires: 2021-10-05

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Sr Application Security Engineer

Discovery Inc
New York, NY 10001

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast