Cloud Security Engineer for WAF
Location:
Sterling, VA, US, 20166-4346 Atlanta, GA, US, 30305 Bellevue, WA, US, 98004 Silver Spring, MD, US, 20910-3354 Knoxville, TN, US, 37932 New York, NY, US, 10022-7240
Date: Jun 24, 2021
Req ID: 3421
Description:
Discovery hires the very best and brightest talent who are enthusiastic and passionate to fulfill the company’s mission of empowering people to explore their world and satisfy their curiosity.
In exchange for their talent and drive, employees are provided with an engaging, diverse workplace and the resources they need to learn, thrive and grow in their careers.
About Discovery
As Discovery's portfolio continues to grow – around the world and across platforms – the Global Technology & Operations team is building media technology and IT systems that meet the world class standard for which Discovery is known. GT&O Implements and maintains the business systems and technology that are critical for delivering Discovery’s products, while articulating the long-term technology strategy that will enable Discovery’s growing pay-TV, digital terrestrial, free-to-air and online services to reach more audiences on more platforms.
Within our Information Security team, there has never been a busier or more urgent time to obtain the best talent we can for a function so critical to Discovery. In light of the constant threats and attacks occurring in companies across the globe, and across all industries, the Information Security Team at Discovery is a growing group of cyber security professionals, that are using the latest tools and resources to protect the assets from our internal infrastructure to the shows we broadcast across the globe on Discovery Channel, Animal Planet, Discovery ID, TLC, EuroSport and more. From the US to Singapore, India to LA, we are tasked with protecting, training, and implementing the best of the best in tools, resources, monitoring, threat detection, and more.
The Role
The Cloud Security team is looking for an experienced cloud and application security professional to help manage AWS & GCP WAF across our service portfolio. The Cloud Security Engineer for WAF will be responsible for deployment, troubleshooting, rule crafting, and acting as a subject matter expert (SME) to the broader team around all things WAF and DDOS mitigation. This role will entail automation and validation of configuration, helping to craft the WAF logging & observability strategy.
Key Areas of Responsibility
- Act as a WAF Subject Matter Expert for Infosec department
- Validating layer 3-7 protection coverage of our cloud perimeter
- Interfacing with AWS SRT for DDOS mitigation planning.
- Review cloud architecture and advise development teams on strong Network and Infrastructure Security Design principles and identification of issues prior to systems or features deployed.
- Provide guidance for security remediation to business and IT partners. Speaking the DevOps and product team’s language by demonstrating real, practical risk and value.
- Develop cloud security solutions to meet incident response and participate in the security incident response process as a cloud SME.
- Mentor junior members of staff
- Create and maintain documentation as it relates to cloud security designs/configurations, processes, standards and recommendations.
- Collaborate with senior management and department leaders to assess near- and long-term cloud security needs
- Staying current with the latest cloud threat mitigation tools and techniques
Required Qualifications:
- Strong understanding of layer-7 attack and defense techniques
- Understanding of defense against OWASP, DDOS, and other infrastructure threats from the edge.
- Prior use of AWS WAF
- Understanding of CDN, api management, and load balancing technologies
- Some Understanding of Cloud Provider managed Kubernetes networking
- Some Understanding of open and closed source threat intelligence sources.
- Strong understanding of cloud native networking concepts
- Understanding of cloud-based infrastructure components with specific understanding of the security risks presented in a decentralized and hybrid environment.
- Comfortable automating processes start to finish and can work closely with cloud solutions engineering and product teams to help integrate security into their existing processes.
- Proficient in at least one scripting language (python, Nodejs, Golang)
- Some Hands-on experience with some the following:
- Developing & Securing Serverless automation
- Security administration in AWS/GCP/Azure
- Infrastructure as code tools (Pulumi, Ansible, CloudFormation, Terraform)
- Command Line experience (Bash, Powershell, AWS-CLI)
- Network & Infrastructure engineering
- Excellent verbal and written communication skills with a strong attention to detail
- Remains productive while rapidly switching context
- Thirst for knowledge and constantly driven to stay current with evolving threat landscapes
- Must have the legal right to work in the United States
Preferred Qualifications:
- AWS Certifications – AWS Solutions Architect, AWS Security Specialty, AWS Network Speciality
- GCP Certifications - ACE, Other
- Security Product Engineering Certifications: Firewalls, WAF, Web Gateway/Proxy Solutions.
- Previous Experience with Akamai, Signal Sciences, etc.
Discovery Communications, Inc. is an equal opportunity employer. Discovery is committed to being an employer of choice, not just a good place to work, but a great and inclusive place to work. To that end, we strive to recruit and maintain a workforce that meaningfully represents the diverse and culturally rich communities that we serve. Qualified applicants will receive consideration for employment without regard to their race, color, religion, national origin, sex, sexual orientation, gender identity, protected veteran status or disabled status or, genetic information.
We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including but not limited to all local Fair Chance Ordinances.