Analyst - Threat & Vulnerability
As Discovery Communications’ portfolio continues to grow – around the world and across platforms – the Global Technology & Operations team is building media technology and IT systems that meet the world class standard for which Discovery is known. GT&O builds, implements and maintains the business systems and technology that are critical for delivering Discovery’s products, while articulating the long-term technology strategy that will enable Discovery’s growing pay-TV, digital terrestrial, free-to-air and online services to reach more audiences on more platforms.
From Amsterdam to Singapore and from satellite and broadcast operations to SAP, we are driving Discovery forward on the leading edge of technology.
Within our Information Security team, there has never been a busier or more urgent time to obtain the best talent we can for a function so critical to Discovery Communications. In light of the constant threats and attacks occurring in companies across the globe, and across all industries, the Information Security Team at Discovery is a growing group of cyber security professionals, that are using the latest tools and resources to protect the assets from our internal infrastructure to the shows we broadcast across the globe on Discovery Channel, Animal Planet, Discovery ID, TLC, EuroSport and more. From the US to Singapore, India to LA, we are tasked with protecting, training, and implementing the best of the best in tools, resources, monitoring, threat detection, and more.
The Analyst for Threat and Vulnerability will manage vulnerability testing on our networks, systems and applications to produce actionable reports on security testing results with specific recommendations. As a part of the Info Sec team, you’ll act as an in house consultant to help application support groups implement secure solutions and work with the Global IT team to remediate issues in accordance with all global polices, standards & mandates.
1. Working with a team of resources comprised of on-/off-shore suppliers and SPE employees in day-to-day monitoring, supporting, maintaining and enhancing a set of vulnerability management systems
2. Develop and manage a proactive TVM (Threat and Vulnerability Management) program
3. Manage matrix teams, including 24/7 coverage to address immediate threats or security incidents
4. Position TVM program to provide effective and efficient support regarding the confidentiality, integrity, and availability of systems
5. Assist in the development and maintenance of security policies and procedures
6. Ensure that policies and procedures are implemented and enforced through both manual and automated controls
7. Provide management status reports and escalations on all TVM requests and incidents
8. Participate in the remediation of audit findings as needed
9. Develop and implement procedures and metrics for TVM
10. Develop and implement automated tools for TVM as needed
11. Participate in various security activities, including special projects and documentation
12. Able to be on call for incidents and problems as needed
One or more of the following certifications required:
o CEH (Certified Ethical Hacker) or equivalent web/application security testing qualification
o CISSP (Certified Information Systems Security Professional)
o IT/Security Vendor Certifications (e.g. Cisco, Microsoft, RSA)
o GIAC/ GSEC (Global Information Assurance Certification – Security Expert)
o GIAC/ GCIA (Global Information Assurance Certification – Certified Intrusion Analyst)
Able to conduct vulnerability testing and penetration analyses of computers, networks, and applications
Able to maintain proficiency in tools, techniques, and countermeasures in network vulnerabilities
Able to profile network traffic to detect possible intrusions from inside or outside networks
Able to identify, monitor, and investigate computer and network intrusions
Strong project management, time management, and organizational skills required
Strong customer service, communication, and presentation skills required
BS degree in computer science or computer engineering preferred; will consider applicants with equivalent work-related experience with a minimum educational requirement of a high school diploma or GED equivalent
Minimum of 3 -5 years of security and/or IT experience required
Able to provide computer forensic support to investigations in the form of evidence seizure, computer forensic analysis, and data recovery
Experience knowledge of TCP/IP, networking design, and routing architectures
Experience knowledge of network security systems and protocols, including firewalls, Radius and TACACS+, IPSEC and IKE, SSH, etc.
Ability to maintain proficiency in vulnerability and threat management best practices
Ability to develop and implement security procedures and control
* Must have legal right to work in the United States
Back to top