HBO Senior Information Security Manager

OVERALL SUMMARY

Cyber security is one of HBO's top tier priorities. Industries continue to experience an increase in the scale, sophistication and successful perpetration of cybercrime. As the quantity and value of electronic information has increased so too have the efforts of criminals and other malicious actors who have embraced the Internet as a more anonymous, convenient and profitable way of carrying out their activities.

HBO's services to customers rely heavily on the availability, integrity and confidentiality of a range of information and communications technologies (ICT) for both the traditional production and broadcasting as well as Over-the-top channels such as HBO GO and HBO NOW.

The risk to HBO's mission from computer intrusion and the spread of malicious code by organized crime has been assessed as high. This is particularly the case for financial transactions and sensitive contractually trusted or personal identity information.

HBO's IT Security & Compliance Team is responsible for the protection of HBO's global digital infrastructure. It leverages partnerships being established between global offices, production offices and other stakeholders.

The Sr. Security Manager will drive the vulnerability management lifecycle, advise on business impact and provide practical risk based security services and solutions. He/She will be able to identify a roadmap for security auditing and testing that meets the engineering/product/market need and can work cross-functionally across HBO's and Time Warner's business and technical teams to improve and monitor our security best practices; from SDLC to infrastructure hardening. He/she will develop SIEM process and tools with operational responsibility and enjoy driving awareness on current security thinking within the organization.

PRIMARY RESPONSIBILITIES

  • Partner with engineering to develop the overall security strategy, policy and procedure
  • Drive the vulnerability management lifecycle, advise on business impact and provide practical risk based security services and solutions
  • Identify a roadmap for security auditing and testing that meets the engineering/product/market need
  • Improve and monitor our security best practices; from SDLC to infrastructure hardening
  • Represent security interests within Production, Engineering, Procurement and Legal teams
  • Develop SIEM process and tools with operational responsibility
  • Drive awareness on current security thinking within the Security Architecture and Development
  • Participate in the development of new application & infrastructure architecture, design, and introduction of new technologies.
  • Create security technical standards to guide engineering teams on installation and configuration of new technologies.
  • Document, provide training and socialize broadly application security methods and controls
  • Establish an approach to measure application security and incorporate it in ongoing metrics for IT Security posture
  • Incident Investigation & Response
  • Manage the cyber security incident response process
  • Build instrumentation, repudiation, and resiliency into internal and external applications and services.

REQUIREMENTS

  • Education & Skills
  • BA/BS preferred
  • Security certifications such as CISSP, CISM, CISA, GIAC, Ethical Hacker are a plus
  • Scripting language development (Python, Ruby or Perl)
  • Minimum of 10 years of IT Security experience
  • Strong analytical, communication and collaboration skills
  • In-depth knowledge of enterprise networking in relation to IT Security
  • Proven, specific implementation of cloud security applications including load balancing, horizontal and vertical elasticity, session management and other network controls
  • In-depth understanding of common protocols ranging from mid-level (IP, TCP, UDP) to application level (Syslog, SSL, HTTP, FTP, DNS)
  • Technologies:
  • Intrusion detection/prevention (IDS, IPS)
  • Data Leakage Prevention (DLP)
  • Security Information and Event Management (SIEM, QRadar or Arcsite )
  • Antimalware
  • Vulnerability Management (Qualys, Nessus, etc.)
  • Strong analytical skills capable of analyzing log files, net flow data, packet captures, usage activity.
  • Awareness in current application security frameworks
  • Strong understanding of a wide variety of attacks such as network intrusions, malicious emails, web-based attacks, malware, botnet infections.
  • Experience with all popular Operating Systems (Windows, Linux, Mac, iOS, Android, etc.)
  • Well organized with the ability to stay on top of multiple projects and incidents.

Experience in network security:

  • IP Multicast: PIM,IGMP,MSDP,SSM
  • Comfort with routing protocols
  • SNMP, Netflow experience
  • Secure network architecture and segmentation
  • Troubleshooting LAN/WAN performance and optimization
  • Comfort with host and network virtualization technologies and IP Storage
  • Palo Alto Firewalls and Checkpoint Firewalls

Experience in application security:

  • Proficiency in code auditing (Java)
  • Strong experience with manual interception proxies such as Burp, Fiddler, Zap
  • Excellent ability to discover and demonstrate flaws XSS, CSRF and Injection attacks (SQLi)
  • Strong understanding of encryption
  • Proficiency with Linux, Apple Mac OS, Microsoft Windows

About Us It's HBOSM

America's most successful premium television company, Home Box Office delivers two 24-hour pay television services—HBO®and Cinemax®. HBO continues to take advantage of the latest technological innovations with advancements that include the availability of HBO programming online though HBO GOSM and MAX GOSM, as well as HBO On Demand® and Cinemax On Demand® in HD. Just as HBO is a company noted for its commitment to excellence in the products and services it delivers to consumers, it makes the extra effort to create a work environment in which fairness, equity, trust, and individual responsibility are valued. HBO is committed to retaining and recruiting skilled and motivated employees, placing a priority on qualified team players who contribute to the diversity of their workforce. HBO offers competitive benefits to include medical, dental, vision, a matched 401(k) plan, flexible spending, a commuter benefit program and tuition reimbursement.

HBO is an equal employment opportunity employer. HBO does not discriminate against any applicant or employee based on race, color, religion, national origin, gender, age, sexual orientation, gender identity or expression, marital status, mental or physical disability, and genetic information, or any other basis protected by applicable law. HBO also prohibits harassment of applicants or employees based on any of these protected categories.


See Inside the Office of HBO

Launched in 1972, HBO has become a critically acclaimed innovator, ratings record-breaker and multiple Golden Globe winner in the cable television industry. The company offers 24-hour pay television services of its exclusive productions—including original movies, series, comedy, documentaries, family shows, and world-class sporting events—to its dedicated following of 46 million subscribers in the U.S. and in 50 countries around the globe.


Back to top