Sr Director - Application Security

| Greater NYC Area

Position Summary


The Sr. Web  Application Security Developer / Architect will work closely with Global Information Security, Discovery’s Broadcast, Digital, and Infrastructure teams to design, deploy appropriate, risk-based security safeguards and technical application security controls.


This position can be based in either New York City, New York or Sterling, Virginia.


1. Evaluate, deploy and support application security technologies, processes and workflows on multiple platforms (e.g., Server/Client, Mobile, Tablet, etc.)
2. Conduct application security risk assessment, analysis, and monitoring as needed 
3. Research/communicate emerging cybersecurity threats and zero-day vulnerabilities/exploits
4. Develop and execute security assessment test plans, document and present results to customers
5. Review developers’ codes, provide feedback and perform security and risk assessment for consumer facing applications, services, and future technology 
6. Create/make pull requests to review and merge code in Git/GitHub or similar DVCS
7. Monitor and maintain real-time monitoring infrastructure and assessment toolkits as needed
8. Perform design analysis, review, piloting, and selection of security technologies that meet specified application/business requirements
9. Identify and define application security requirements and security baselines for the various classes of assets and environments in use at Discovery or its partners
10. Identify and address Information Security control gaps, abnormal behavior patterns and attack techniques to enhance the security program and safeguard the Discovery environment
11. Work collaboratively and proactively across the organization (e.g., Technical Architects/Leads, Product managers, Digital Media Program (AGILE) Teams, etc.) to support and remediate security gaps
12. Review Technical Architecture and Delivery for Web and other Client Delivery Platforms
13. Understand and recommend security controls for the rapid development of consumer facing prototypes to identify technical options and inform architectural approaches
14. Identify and recommend best-of-breed security stack and controls for interactive consumer experiences across web and mobile devices. (i.e., project, customer, and vendor management skills)


  • Ex- NSA/TAO, former penetration testers, or people with significant experience of work in vulnerability research (WEB-app focused).
  • 6+ years of cybersecurity architecture and/or application security (appsec, netsec), with a Bachelor’s degree or higher in related field
  • Broad knowledge of IT Security technologies, process, and techniques and a strong understanding of application security leading practices including OWASP and CWE.
  • Extensive experience in code reviews, business logic assessment, and application security testing
  • Experience deploying cybersecurity solutions in a public cloud environment (IaaS, PaaS, SaaS)
  • Familiar with application security tools like BurpSuite Pro, SAST, DAST, nmap, Metasploit, and Kali Linux, etc.
  • Experience in 3rd-party testing tools such as Veracode, WhiteHat, etc., is preferred
  • Experience working with and coding in Python, Node.js, JavaScript, Go, Ruby, PowerShell, Bash, and Scala. (SDK and RESTful API design/development is preferred)
  • Experience in secure coding and software development in various languages (C#, .NET, Java etc.)
  • Experience working with Agile development/Scrum teams, and enthusiastically incorporate security stories/requirements into SDLC (CI/CD) with product owners/managers
  • Familiarity with HTML/CSS, JavaScript and UI/UX design and software quality assurance principles
  • Excellent knowledge of software and application design and architecture
  • Strong Knowledge of TCP/IP, DNS, HTTP, HTTPS, VPN, SQL and other database technologies
  • Experience with Unix/Linux and Windows operating systems in an Active Directory environment
  • Experience with endpoint security and SIEM technologies such as ESET, Splunk ES, QRadar, etc. 
    Experience working in a large government or corporate enterprise environment
  • Excellent communication and presentation abilities with great attention to detail
  • CISSP, CEH, GWAPT, or OSCP certifications are highly desired


* Must have the legal right to work in the United States

New York City, New York, NYC, NY, Sterling, Virginia, VA


Read Full Job Description

Technology we use

  • Engineering
    • GolangLanguages
    • PHPLanguages
    • PythonLanguages
    • RubyLanguages
    • ReactLibraries
    • ReduxLibraries
    • AngularJSFrameworks
    • Node.jsFrameworks
    • MongoDBDatabases
    • MySQLDatabases


Home to world-renowned shops, buildings, museums, and restaurants, this neighborhood really captures the New York spirit.
Inside Look at Discovery Digital's Engineering Team

What are Discovery Digital Media Perks + Benefits

Health Insurance & Wellness Benefits
Dental Benefits
Vision Benefits
Health Insurance Benefits
Retirement & Stock Options Benefits
401(K) Matching
Child Care & Parental Leave Benefits
Flexible Work Schedule
Vacation & Time Off Benefits
Generous PTO
Paid Volunteer Time
Perks & Discounts
Casual Dress
Commuter Benefits
Fitness Subsidies
Professional Development Benefits
Job Training & Conferences
Tuition Reimbursement
More Jobs at Discovery Digital Media9 open jobs
All Jobs
Data + Analytics
Dev + Engineer
New York
New York
New York
New York
Data + Analytics
New York
New York