What you'd actually do

Support the expansion of Product Security programs by contributing to security architecture engagement strategies, scalable product threat modeling, and the implementation of product security technical initiatives

Assist in developing and delivering security roadmap plans, ensuring initiatives are completed successfully and on time with high quality.

Help establish and enforce security standards, policies, and best practices for product development teams, ensuring compliance with industry regulations and customer expectations (PCI, GDPR, CCPA, etc.)

Collaborate with product, engineering, and business stakeholders to identify and prioritize security risks and requirements, providing guidance and support on security architecture, design, testing, and remediation.

Contribute to the development and implementation of security metrics and dashboards to measure and report on the security posture and performance of products and platforms.

Skills

Required

Experience in product security, application security, or cloud security
Understanding of consumer behavior and expectations regarding digital services
Proven track record of leading and managing security projects in a fast-paced, dynamic, and agile environment
Extensive experience in secure code reviews, business logic assessments and application security testing
Deep understanding of network, data, and cloud security principles
Expert knowledge of security principles, standards, and best practices, such as OWASP, NIST, ISO, etc.
Experience in deploying cyber security solutions in public cloud environments (IaaS, PaaS, SaaS)
Strong technical skills and hands-on experience with security tools and technologies, such as web application firewalls, vulnerability scanners, penetration testing tools, encryption, authentication, etc.
Excellent communication and presentation skills
Experience in implementing and leading DevSecOps initiatives, frameworks, and tools
Experience with Agile development/Scrum methodologies and incorporation of security requirements into SDLC (CI/CD)
Experience in securing cloud environments and services on AWS, GCP, and Azure, using automation and CI/CD pipelines.
Experiencing in managing programs supporting secure code and software deployments in various languages (Python, Node.js, C#, .NET, JavaScript, Go, Ruby, GraphQL, SDK, and RESTful API design/development).

Nice to have

Familiarity with generative AI tools (e.g., copilots, LLM-based assistants). Ability to write clear prompts and evaluate AI-generated results. Understanding AI limitations (hallucinations, bias, data sensitivity). Experience integrating AI APIs or models.
Experience in the media and entertainment industry, or with direct-to-consumer products and platforms
CISSP, CEH, GPEN, or OSCP certifications

Welcome to Warner Bros. Discovery… the stuff dreams are made of.

**Who We Are… **

When we say, “the stuff dreams are made of,” we’re not just referring to the world of wizards, dragons and superheroes, or even to the wonders of Planet Earth. Behind WBD’s vast portfolio of iconic content and beloved brands, are the storytellers bringing our characters to life, the_ creators_ bringing them to your living rooms and the dreamers creating what’s next…

From brilliant creatives, to technology trailblazers, across the globe, WBD offers career defining opportunities, thoughtfully curated benefits, and the tools to explore and grow into your best selves. Here you are supported, here you are celebrated, here you can thrive.

Must work a hybrid schedule (3 days onsite) out of our Burbank office.

As a Product Security Engineer Specialist, you will be a vital member of the Warner Bros. Discovery Global Information and Content Security (GICS) team. This key role will concentrate on ensuring the adoption, deployment, fine-tuning, and development of tools, services, and processes that enable robust security controls within the Product Security lifecycle. You will collaborate closely with Development and DevOps teams to define security processes and integrations that seamlessly support existing workflows and pipelines. Additionally, you will engage with all aspects of the Application Security team (Engineering, Operations, Testing, and Vulnerability Management) to ensure an efficient and effective Product Security Pipeline.

**Job Responsibilities **

Support the expansion of Product Security programs by contributing to security architecture engagement strategies, scalable product threat modeling, and the implementation of product security technical initiatives
Assist in developing and delivering security roadmap plans, ensuring initiatives are completed successfully and on time with high quality.
Help establish and enforce security standards, policies, and best practices for product development teams, ensuring compliance with industry regulations and customer expectations (PCI, GDPR, CCPA, etc.)
Collaborate with product, engineering, and business stakeholders to identify and prioritize security risks and requirements, providing guidance and support on security architecture, design, testing, and remediation.
Contribute to the development and implementation of security metrics and dashboards to measure and report on the security posture and performance of products and platforms.
Stay informed about emerging security threats, trends, and technologies, and contribute to discussions on security solutions and practices.
Support the adoption and integration of DevSecOps principles and practices into the product development process, including continuous integration, continuous delivery, automation, and collaboration.
Be familiar with common vulnerabilities and attack vectors in consumer-facing digital services and leverage cloud security best practices and tools to secure products and platforms on AWS, GCP, and Azure, using automation and CI/CD pipelines.
Manage relationships effectively, advocating for business and external customers by engaging in security-related requirements conversations.
Utilize professional experience with security testing tools for product and application security testing, including SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), threat modeling, and product penetration testing.

Qualifications & Experiences:

Familiarity with generative AI tools (e.g., copilots, LLM-based assistants). Ability to write clear prompts and evaluate AI-generated results. Understanding AI limitations (hallucinations, bias, data sensitivity). Experience integrating AI APIs or models.
Bachelor’s degree in computer science, Engineering, or related field, or equivalent work experience.
5+ years of experience in information security, with at least 3 years of experience in product security, application security, or cloud security.
Understanding of consumer behavior and expectations regarding digital services and experience balancing security needs with user experience considerations
Proven track record of leading and managing security projects in a fast-paced, dynamic, and agile environment
Extensive experience in secure code reviews, business logic assessments and application security testing with deep understanding of network, data, and cloud security principles
Expert knowledge of security principles, standards, and best practices, such as OWASP, NIST, ISO, etc.
Experience in deploying cyber security solutions in public cloud environments (IaaS, PaaS, SaaS)
Strong technical skills and hands-on experience with security tools and technologies, such as web application firewalls, vulnerability scanners, penetration testing tools, encryption, authentication, etc.
Excellent communication and presentation skills, with the ability to communicate effectively with both technical and non-technical audiences.
Experience in the media and entertainment industry, or with direct-to-consumer products and platforms, is a plus (e.g., Demonstrated success in implementing security measures for large-scale consumer platforms)
Experience in implementing and leading DevSecOps initiatives, frameworks, and tools (e.g., GHAS, Burp Suite, Nmap, Metasploit, etc.) used for SCA, SAST, DAST, etc.
Experience with Agile development/Scrum methodologies and incorporation of security requirements into SDLC (CI/CD) with product owners.
Experience in securing cloud environments and services on AWS, GCP, and Azure, using automation and CI/CD pipelines.
Experiencing in managing programs supporting secure code and software deployments in various languages (Python, Node.js, C#, .NET, JavaScript, Go, Ruby, GraphQL, SDK, and RESTful API design/development).
CISSP, CEH, GPEN, or OSCP certifications are highly desired

How We Get Things Done…

This last bit is probably the most important! Here at WBD, our guiding principles are the core values by which we operate and are central to how we get things done. You can find them at www.wbd.com/guiding-principles/ along with some insights from the team on what they mean and how they show up in their day to day. We hope they resonate with you and look forward to discussing them during your interview.

Championing Inclusion at WBD

Warner Bros. Discovery embraces the opportunity to build a workforce that reflects a wide array of perspectives, backgrounds and experiences. Being an equal opportunity employer means that we take seriously our responsibility to consider qualified candidates on the basis of merit, without regard to race, color, religion, national origin, gender, sexual orientation, gender identity or expression, age, mental or physical disability, and genetic information, marital status, citizenship status, military status, protected veteran status or any other category protected by law.

If you’re a qualified candidate with a disability and you require adjustments or accommodations during the job application and/or recruitment process, please visit our accessibility page for instructions to submit your request.

In compliance with local law, we are disclosing the compensation, or a range thereof, for roles in locations where legally required. Actual salaries will vary based on several factors, including but not limited to external market data, internal equity, location, skill set, experience, and/or performance. Base pay is just one component of Warner Bros. Discovery’s total compensation package for employees. Pay Range: $110,040.00 - $204,360.00 salary per year. Other rewards may include annual bonuses, short- and long-term incentives, and program-specific awards. In addition, Warner Bros. Discovery provides a variety of benefits to employees, including health insurance coverage, an employee wellness program, life and disability insurance, a retirement savings plan, paid holidays and sick time and vacation.

If you’re a qualified candidate with an arrest or conviction record, please know that your application will be considered in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.