HBO’s IT Security & Compliance team is responsible for protecting the employee and IT systems of HBO, which are critical in keeping the organization and its content running.
Our mission is very broad and our team is small and agile. Whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you will be empowered to engage and lead cross-functionally.
We are looking for an Cyber Security Security Engineer who will lead a significant program in an area such as vulnerability management or third party/vendor risk. We frequently collaborate with other teams at HBO, and look externally to partner with unique and innovative security companies.
WHAT YOU'LL DO
Perform design and implementation security reviews for different parts of the HBO ecosystem
Determine technical solutions to address security weaknesses and work with relevant stakeholders to implement them
Propose and evaluate innovative new security features that could benefit our users
Assist with security incident response as needed
Find security flaws hidden deeply in complex protocols and systems across the software stack
WHAT WE'RE LOOKING FOR
Expertise in conducting web and mobile security assessments covering threat modeling, design reviews and in-depth implementation audits
A burning desire to grow in both engineering and security expertise
5+ years of experience working in web security, mobile security, penetration testing and cryptography
Demonstrated proficiency in software development in C, C++ or Java
2+ years of industry experience in security and development
Strong ability to conduct fuzzing against unfamiliar protocols and code
Proficiency in implementing sandboxing solutions
Development experience (Python, Perl, shell scripting, or similar) and experience with Amazon Web Services (AWS) is strongly preferred.
BS in Computer Science or a related technical field or equivalent experience
Strong grounding in information security principles
2+ years of hands-on experience leading a comprehensive security program (vulnerability management, vendor security, etc.)
Hands-on endpoint system security experience
Proven track record of building complete security solutions by integrating off-the-shelf and custom security tools through APIs
The ability to absorb and adapt to new technologies
Strong communication skills
Strong ability to troubleshoot
Willingness to take ownership and set direction in “gray” areas