VP, Product & Application Security

Every great story has a new beginning, and yours starts here.

Welcome to Warner Bros. Discovery... the stuff dreams are made of.

Who We Are...

When we say, "the stuff dreams are made of," we're not just referring to the world of wizards, dragons and superheroes, or even to the wonders of Planet Earth. Behind WBD's vast portfolio of iconic content and beloved brands, are the storytellers bringing our characters to life, the creators bringing them to your living rooms and the dreamers creating what's next...

From brilliant creatives, to technology trailblazers, across the globe, WBD offers career defining opportunities, thoughtfully curated benefits, and the tools to explore and grow into your best selves. Here you are supported, here you are celebrated, here you can thrive.

• a strong background and expertise in application security, especially in DTC, web, TV, and mobile applications
• a proven track record of leading and mentoring a team of application security engineers and professionals.
• a proactive and collaborative approach to security, with a focus on delivering value and quality to our customers and stakeholders.
• a keen interest and knowledge of the streaming media and entertainment industry and its challenges and opportunities
• a willingness to work in a dynamic and international environment, with a large and diverse portfolio of DTC products, applications, and services.

• Lead a diverse global team, overseeing the implementation of a comprehensive program for conducting product and application security risk assessments, analysis, and monitoring on a large scale.
• Define and execute the security vision and roadmap for our applications and direct-to-consumer products and platforms, including MAX, and other streaming services.
• Build and manage a team of application and product security engineers, architects, and analysts to deliver security solutions across the application and product development lifecycle, from design to deployment to operation.
• Drive the expansion of the Application and Product Security programs, focusing on areas such as security architecture engagement strategies, scalable application and product threat modeling, and the implementation of a security technical champion's program.
• Develop and deliver strategic quarterly roadmap plans, ensuring successful and timely completion of initiatives with high quality.
• Establish and enforce security standards, policies, and best practices for our application and product development teams, ensuring compliance with industry regulations and customer expectations.
• Partner with product, application, engineering, and business stakeholders to identify and prioritize security risks and requirements, and provide guidance and support on security architecture, design, testing, and remediation.
• Develop and implement security metrics and dashboards to measure and report on the security posture and performance of our products, applications, and platforms.
• Stay abreast of emerging security threats, trends, and technologies, and provide thought leadership and innovation on security solutions and practices.
• Lead the adoption and integration of DevSecOps principles and practices into the product development process, such as continuous integration, continuous delivery, automation, and collaboration.
• Leverage cloud security best practices and tools to secure our applications, products, and platforms on AWS, GCP, and Azure, using automation and CI/CD pipelines.
• Manage relationships effectively, advocating for business and external customers by engaging in security-related requirements conversations.
• Identify and advocate for best-of-breed security stack and controls for interactive consumer experiences across web and mobile devices.

• Hybrid work environment; must be based in the Warner Bros. Discovery office in Burbank, CA for a minimum of three (3) days/week.
• Bachelor's degree in computer science, Engineering, or related field, or equivalent work experience.
• 10+ years of experience in information security, with at least 5 years of experience in product security, application security, or cloud security.
• Proven track record of leading and managing security teams and projects in a fast-paced, dynamic, and agile environment.
• Extensive experience in secure code reviews, business logic assessments and application security testing
• Expert knowledge of security principles, standards, and best practices, such as OWASP, NIST, ISO, etc.
• Experience in deploying cyber security solutions in public cloud environments (IaaS, PaaS, SaaS)
• Strong technical skills and hands-on experience with security tools and technologies, such as web application firewalls, vulnerability scanners, penetration testing tools, encryption, authentication, etc.
• Excellent communication and presentation skills, with the ability to communicate effectively with both technical and non-technical audiences.
• Experience in the media and entertainment industry, or with direct-to-consumer products and platforms, is a plus.
• Experience in implementing and leading DevSecOps initiatives, frameworks, and tools, such as Burp Suite, SAST, DAST, Nmap, Metasploit, etc.
• Experience with Agile development/Scrum methodologies and incorporation of security requirements into SDLC (CI/CD) with product owners.
• Domain competencies in several IT-risk-related disciplines including Secure Code Hygiene, Application/Mobile/Native automated and manual security testing, and Application Security Reviews.
• Strong understanding of application development frameworks for web, mobile, and API-based applications
• Scale security within the SDLC by automation using tools sets such as source code analyzers, vulnerability scanners, configuration validation, and similar techniques.
• Experience in securing cloud environments and services on AWS, GCP, and Azure, using automation and CI/CD pipelines.
• Experiencing in managing programs supporting secure code and software deployments in various languages (Python, Node.js, C#, .NET, JavaScript, Go, Ruby, GraphQL, SDK, and RESTful API design/development).
• CISSP, CEH, GWEB, CWAPT, CCSP, CSSLP, CISSP-ISSAP, GPEN, GWAPT, GMOB, or OSCP certifications are highly desired, though not required.