Sr. Application Security Analyst, Vulnerability Management

Employment Type

: Full-Time


: Information Technology

Loading some great jobs for you...

Req ID: 172466

The Turner Story

Turner is a division of WarnerMedia along with our sister companies, HBO and Warner Bros., delivering brands like CNN, HLN, TNT, TBS, Adult Swim, Cartoon Network, Turner Sports and so much more!

See what it's like to work at Turner! Follow us on Instagram, Twitter and Facebook

The Team

45 years ago we changed the face of television, and we continue that today by building and delivering next-generation entertainment and technology solutions across the globe. Our innovations impact advertising, data management, information security, content creation and delivery, business operations, broadcasting and ultimately, the fan experience.

As a technologist at Turner, you will work at the intersection of art and science. You'll work for brands that inform and entertain the world including [adult swim], Bleacher Report, Boomerang, Cartoon Network, CNN, ELEAGUE, FilmStruck, Great Big Story, HLN, iStreamPlanet, Super Deluxe, TBS, Turner Classic Movies (TCM), TNT, truTV and Turner Sports - which includes the NBA, NCAA March Madness, Major League Baseball and the UEFA Champions League. You'll be part of a company that enables community and belonging by creating content that connects with fans when, how and where they want it.

The Job

The Senior Application Security Analyst - Vulnerability Management will lead web application security remediation initiatives for the WarnerMedia Cybersecurity Office and serves as an active member of team that defines the application security strategy.

A combination of technical acumen and creative thinking is necessary to address matters of threat identification and mitigation. Unlike other security organizations, a consultative and collaborative mindset is of paramount importance.

While this job does not have formal personnel management responsibilities, the Senior Analyst is expected to lead and mentor team members and those in other technical roles who are critical to the successful delivery of the Information Security strategy

The Daily

* Serve as a subject matter expert for all matters relating to identifying, analyzing and remediating of web application security vulnerabilities and container security vulnerabilities
* Collaborate with development teams throughout WarnerMedia to effectively remediate risks associated with web application security
* Write scripts to automate repetitive tasks related to vulnerability management
* Integrate multiple security tools to one central platform for analytics and reporting
* Leverage a combination of tools such as static analysis (SAST), dynamic analysis (DAST), container registry scanners to identify web application vulnerabilities, vulnerable dependencies, and vulnerabilities within source code
* Work on false positive eliminations
* Remediation follow-through- follow/up with dev teams for adhering to fixing vulnerabilities within established SLAs
* Assign owners - based on the revised list, work with development leads to assign vulnerabilities
* Work on bug bounty programs
* Demonstrate how to exploit vulnerabilities for the purpose of internal research and assisting with remediation efforts
* Stay apprised of security risks associated with languages and frameworks such as PHP, Java, JavaScript, Ruby on Rails, .NET, Node.js, Go
* Stay apprised of security risks with Content Management Systems such as Drupal, Wordpress, and in-house developed CMS.
* Develop capabilities necessary to monitor and detect web application attacks using web application firewalls, security scripts, tools, and services
* Provide remediation action guidance to key stakeholders

Other Responsibilities

* Proven ability to understand, interpret, and explain risk identification and remediation methodologies including risk score rankings (CVSS and CVE) and applicability to risk prioritization
* Perform web/mobile/APIs pentests, assessments and re-tests as needed
* Understands vulnerabilities at an application, database, operating system and network level
* Provide technical input to security risk assessments
* Lead multiple complex projects and initiatives and use discretion when negotiating priorities
* Communicate highly complex technical information clearly and articulately
* Ability to manage tasks independently and take ownership of responsibilities

The Essentials

* 3-5years of experience in cybersecurity field focusing on web applications, APIs, microservices and mobile applications
* 1 year experience in Vulnerability management
* Expert level knowledge of the OWASP Top 10 Vulnerabilities
* Minimum of one: GWAPT, OSCP, CEH, GPEN or comparable certification
* Expertise in Python scripting
* Must be proficient with databases and queries

The Perks

* Paid time off every year to volunteer
* Access to well-being tools, resources, and freebies
* 2018 Best Company for Working Mothers
* 2018 Best Company for Dads
* An in-house learning and development team to help shape and grow your career
* Part of the WarnerMedia family of powerhouse brands

Turner Broadcasting System, Inc. and its subsidiaries are Equal Opportunity Employers and E-Verify users. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, or protected veteran status.

Associated topics: chief program officer, cpo, manage, manager, management, monitor, product manager, project manager, relationship manager, task

Launch your career - Upload your resume now!

Upload your resume

Loading some great jobs for you...