| || |
The Turner Story
Turner is a division of Time Warner along with our sister companies, HBO and Warner Bros. We are better known as the folks who bring you CNN, HLN, TCM, TNT, TBS, Adult Swim, Cartoon Network, Turner Sports and so much more! From cutting-edge breaking news stories, up-to-the-minute sports coverage, and the characters we grew up loving on to the shows we love today, Turner continues to be the gold standard in first class television programming and a demonstrated leader in digital content. We tell the stories the world wants to hear. Won’t you be a part of our story? http://www.turner.com/
See what it’s like to work at Turner! Follow us on Instagram, Twitter and Facebook
What part will you play?
The Senior DevSecOps Engineer will drive application security, secure DevOps processes along with other key security disciplines throughout Turner's technology organization. This team will aide in establishing secure coding practices as well help determine what good security looks like. This position is critical to establishing and maintaining secure systems while simultaneously promoting a culture of rapid and reliable software and infrastructure across the company. The team will work with various development and operations teams throughout Turner and its subsidiaries.
What will you be doing?
- Be a part of a bleeding edge cloud and web application security team which enables the agile development of secure and reliable applications.
- Ensure the team of security engineers develops an understanding of business objectives, application architecture, and functionality of the projects they are assigned to
- Collaborate with software development leaders to establish metrics that demonstrate security proficiency across all major development teams
- Identify potential threat vectors in software applications and cloud architecture that could be used by attackers and cause disruption or a potential data breach
- Demonstrate security leadership across the organization
- Collaborate with other Information Security Office team members to ensure all software vulnerabilities are tracked, remediated and retested
- Lead the development of automated test scripts which are incorporated into the software development lifecycle and are effective at identifying potential software and configuration vulnerabilities
- Lead the development of automated utilities which can be leveraged to identify cloud vulnerabilities
- Ensure processes associated with application security and cloud security of key systems are documented, maintained, and archived
- Collaborate with development and operations teams to develop the standards for web application security, cloud security, and mobile app security
- Lead security assessments of critical company infrastructure and applications as needed
- Other duties as required
What do we require from you?
- 5+ years of software development, DevOps and/or cloud architecture (AWS, GCP or Azure) experience
- Proficient with security tools such as Burp Suite, sqlmap, Metasploit, Nmap, ZAP, Gauntlt or Nessus
- Experience with Static Application Security Testing methodologies and tools
- Experience with Dynamic Application Security Testing methodologies and tools
- Preferred experience with tools such as Terraform, Puppet, Chef, Salt or Ansible
- Experience integrating security tools into the CI/CD pipeline
- Full end to end understanding of CI/CD pipeline and how to assess them from a security point of view
- AWS Cloud Front and Cloud Trail knowledge, with experience securing AWS components such as VPC, EC2, S3 and direct connects
- Experience with WAF technology
- Working knowledge of Content Delivery Network technologies such as Akamai or Fastly
- Ability to communicate and influence in an a highly distributed environment
- Provide leadership, guidance and direction on security and be an influencer of development, systems, support, and quality assurance teams to follow security standards
- Strong verbal and written communication skills
- Certifications such as CISSP, AWS Certified Solutions Architect, GWEB/GWAPT, and GPEN preferred
- Experience with attack and penetration testing or relevant security experience preferred
- Candidate should have knowledge of system and network configuration for multiple operating systems and infrastructures
- Experience in broadcast or video streaming a plus
But wait, there’s more!#conference
Turner Broadcasting System, Inc. and its subsidiaries are Equal Opportunity Employers and E-Verify users. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, or protected veteran status.