Discovery is a global leader in the media sector, serving passionate fans around the world with content that inspires, informs and entertains.
Discovery delivers over 8,000 hours of original programming each year across deeply loved content genres.
The world is changing all around us. To continue to grow as a business over the next years we must look ahead, understand the changing trends and be prepared for that what’s to come.
We must get ready for tomorrow today. Join us to be part of the adventure. Discovery inspires people to be the best they can.
Currently in Poland we are looking for passionate people with various backgrounds to join our team in the fields of FP&A Centre of Excellence, Global Business Services, HR Services and Media Business.
The IT Security Vulnerability Engineer will have the responsibility of ensuring the overall infrastructure, operating system and application patching cycles are functioning appropriately and align with the Discovery security policies.
As a part of the Info Sec team, the candidates are expected to act as in-house consultants to help engineering and application support groups implement secure solutions and work with the Global IT team to remediate issues in accordance with all global policies, standards & mandates.
Key Areas of Responsibility
Meet with technology owners weekly to ensure full visibility and understanding of open security vulnerabilities and the risks inherent with those vulnerabilities.
Maintain and provide a detailed register of all open vulnerabilities, exceptions and remediation actions to ensure constant improvement of the Discovery risk surface
Understand and communicate Discovery patching policies, standards, and procedures to business teams and ensure compliance.
Collaborate with engineering teams and technology stakeholders to balance security remediation priority with potential business risk to ensure maximum security compliance with minimal operational impact to business systems.
Develop and maintain relationships with engineering teams and business partners and provide an environment of trust and technical competence and set expectations of compliance with remediation SLAs
One or more of the following certifications required :
o GSEC, GCIH, SSCP, CCSP, CISSP-ISSEP, CEH, GCIA, GISF, Security Plus, Network Plus preferred but 2-3 years of experience and demonstrated knowledge accepted.
BS degree in computer science or computer engineering preferred; will consider applicants with equivalent work-related experience with a minimum educational requirement of a high school diploma or GED equivalent.
Ability to negotiate with business teams on timelines and expectations within the confines of set remediation SLAs.
Hands on technical experience with risk, specifically the ability to derive residual and acceptable risk from competing priorities with regard to security and business impact.
Hands on technical experience with vulnerability management platforms (Rapid 7, Tenable, Qualys).
Hands on technical experience with cloud native security compliance tools (AWS inspector, Google CSCC).
2-3 years technology operations experience, specifically operating systems such as Microsoft, Linux, Mac OS, Oracle, etc.
as well as related sever applications.
Hands on technical experience with cloud infrastructure and the vulnerabilities that may exist in bleeding edge cloud native infrastructure (VPC, ECS, RDS) and the remediation steps involved.
Strong customer service, communication, and presentation skills required.
Hands on technical experience with data analysis and reporting with data analytics tools (Splunk, Kibana)