• Define and execute the product and platform security strategy • Lead and grow the security team • Own application security across the SDLC • Design and implement security architectures for cloud-native applications • Build and run the detection and response program • Drive cloud security posture across our AWS/GCP infrastructure • Be Parloa's product security voice in customer engagements • Advance AI-specific security practices • Collaborate with IS&T on shared boundaries • Establish security metrics that matter

• Operate, troubleshoot, and optimize large-scale, complex Active Directory environments (multi-forest, multi-site, hybrid) • Maintain and enhance Entra ID (Azure AD) multi-tenant environments, integrating with on-premises and cloud services • Collaborate in the design and rollout of security guardrails for directory services and privileged access, both on-prem and in the cloud • Develop, implement, and manage automation/scripts (PowerShell, Python, etc.) for routine operations and self-service enablement • Participate in a rotating On-Call schedule to ensure 24/7 operational coverage • Partner with cross-functional teams to support incident response, change management, and audits • Drive adoption of modern security frameworks, including Zero Trust and least privilege principles

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. 𝐉𝐨𝐛 𝐃𝐞𝐬𝐜𝐫𝐢𝐩𝐭𝐢𝐨𝐧: We are seeking a skilled CyberArk Conjur Consultant to join our team for a remote position with our esteemed client. The ideal candidate will have hands-on experience in implementing CyberArk Conjur at an enterprise scale, along with expertise in various DevOps practices and technologies. This role involves working with cutting-edge technologies to ensure secure management of secrets and access within complex environments. 𝐐𝐮𝐚𝐥𝐢𝐟𝐢𝐜𝐚𝐭𝐢𝐨𝐧: Experience in implementing CyberArk Conjur at Enterprise scale. DevOps Practices: Understanding of DevOps methodologies and practices, including continuous integration (CI), continuous deployment (CD), and infrastructure as code (IaC). Containerization and Orchestration: Experience with containerization technologies such as Docker and container orchestration platforms like Kubernetes, as CyberArk Conjur often integrates with these environments to manage secrets and access. Infrastructure as Code (IaC): Proficiency in tools such as Terraform, Ansible, or Chef for automating infrastructure provisioning and configuration, which may integrate with CyberArk Conjur for managing secrets securely. Scripting and Automation: Skills in scripting languages like Python, Ruby, or Shell scripting to automate processes and integrate CyberArk Conjur with existing systems and workflows. API Integration; Understanding of RESTful APIs and ability to integrate CyberArk Conjur with other tools and systems using APIs for seamless access management. Encryption and Key Management: Knowledge of encryption algorithms, key management practices, and cryptographic protocols to ensure the security of sensitive data and secrets managed by CyberArk Conjur. Troubleshooting and Debugging: Ability to troubleshoot issues, diagnose problems, and debug configurations within CyberArk Conjur and its integrations. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

Title: Product Security Engineer Specialist Location: CA Burbank Bldg. 750, Second Century, Tower 2 Full time Hybrid Job Description: Welcome to Warner Bros. Discovery… the stuff dreams are made of. Who We Are… When we say, “the stuff dreams are made of,” we’re not just referring to the world of wizards, dragons and superheroes, or even to the wonders of Planet Earth. Behind WBD’s vast portfolio of iconic content and beloved brands, are the storytellers bringing our characters to life, the creators bringing them to your living rooms and the dreamers creating what’s next… From brilliant creatives, to technology trailblazers, across the globe, WBD offers career defining opportunities, thoughtfully curated benefits, and the tools to explore and grow into your best selves. Here you are supported, here you are celebrated, here you can thrive. *Must work a hybrid schedule (3 days onsite) out of our Burbank office.* As a Product Security Engineer Specialist, you will be a vital member of the Warner Bros. Discovery Global Information and Content Security (GICS) team. This key role will concentrate on ensuring the adoption, deployment, fine-tuning, and development of tools, services, and processes that enable robust security controls within the Product Security lifecycle. You will collaborate closely with Development and DevOps teams to define security processes and integrations that seamlessly support existing workflows and pipelines. Additionally, you will engage with all aspects of the Application Security team (Engineering, Operations, Testing, and Vulnerability Management) to ensure an efficient and effective Product Security Pipeline. Job Responsibilities - Support the expansion of Product Security programs by contributing to security architecture engagement strategies, scalable product threat modeling, and the implementation of product security technical initiatives - Assist in developing and delivering security roadmap plans, ensuring initiatives are completed successfully and on time with high quality. - Help establish and enforce security standards, policies, and best practices for product development teams, ensuring compliance with industry regulations and customer expectations (PCI, GDPR, CCPA, etc.) - Collaborate with product, engineering, and business stakeholders to identify and prioritize security risks and requirements, providing guidance and support on security architecture, design, testing, and remediation. - Contribute to the development and implementation of security metrics and dashboards to measure and report on the security posture and performance of products and platforms. - Stay informed about emerging security threats, trends, and technologies, and contribute to discussions on security solutions and practices. - Support the adoption and integration of DevSecOps principles and practices into the product development process, including continuous integration, continuous delivery, automation, and collaboration. - Be familiar with common vulnerabilities and attack vectors in consumer-facing digital services and leverage cloud security best practices and tools to secure products and platforms on AWS, GCP, and Azure, using automation and CI/CD pipelines. - Manage relationships effectively, advocating for business and external customers by engaging in security-related requirements conversations. - Utilize professional experience with security testing tools for product and application security testing, including SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), threat modeling, and product penetration testing. Qualifications & Experiences: - Familiarity with generative AI tools (e.g., copilots, LLM-based assistants). Ability to write clear prompts and evaluate AI-generated results. Understanding AI limitations (hallucinations, bias, data sensitivity). Experience integrating AI APIs or models. - Bachelor’s degree in computer science, Engineering, or related field, or equivalent work experience. 5+ years of experience in information security, with at least 3 years of experience in product security, application security, or cloud security. - Understanding of consumer behavior and expectations regarding digital services and experience balancing security needs with user experience considerations - Proven track record of leading and managing security projects in a fast-paced, dynamic, and agile environment - Extensive experience in secure code reviews, business logic assessments and application security testing with deep understanding of network, data, and cloud security principles - Expert knowledge of security principles, standards, and best practices, such as OWASP, NIST, ISO, etc. - Experience in deploying cyber security solutions in public cloud environments (IaaS, PaaS, SaaS) - Strong technical skills and hands-on experience with security tools and technologies, such as web application firewalls, vulnerability scanners, penetration testing tools, encryption, authentication, etc. - Excellent communication and presentation skills, with the ability to communicate effectively with both technical and non-technical audiences. - Experience in the media and entertainment industry, or with direct-to-consumer products and platforms, is a plus (e.g., Demonstrated success in implementing security measures for large-scale consumer platforms) - Experience in implementing and leading DevSecOps initiatives, frameworks, and tools (e.g., GHAS, Burp Suite, Nmap, Metasploit, etc.) used for SCA, SAST, DAST, etc. - Experience with Agile development/Scrum methodologies and incorporation of security requirements into SDLC (CI/CD) with product owners. - Experience in securing cloud environments and services on AWS, GCP, and Azure, using automation and CI/CD pipelines. - Experiencing in managing programs supporting secure code and software deployments in various languages (Python, Node.js, C#, .NET, JavaScript, Go, Ruby, GraphQL, SDK, and RESTful API design/development). - CISSP, CEH, GPEN, or OSCP certifications are highly desired In compliance with local law, we are disclosing the compensation, or a range thereof, for roles in locations where legally required. Actual salaries will vary based on several factors, including but not limited to external market data, internal equity, location, skill set, experience, and/or performance. Base pay is just one component of Warner Bros. Discovery’s total compensation package for employees. Pay Range: $110,040.00 - $204,360.00 salary per year. Other rewards may include annual bonuses, short- and long-term incentives, and program-specific awards. In addition, Warner Bros. Discovery provides a variety of benefits to employees, including health insurance coverage, an employee wellness program, life and disability insurance, a retirement savings plan, paid holidays and sick time and vacation.