Warner Bros. Discovery (WBD) is a prominent global media and entertainment conglomerate, renowned for its expansive television, film, streaming, and gaming port
Principal, Security Engineering & Vulnerability Management
Location
New York + 1 moreAll locations: New York | California
Posted
3 days ago
Salary
$177.2K - $329.0K / year
Seniority
Senior
Job Description
Principal, Security Engineering & Vulnerability Management
Warner Bros. Discovery
Title: Principal, Security Engineering & Vulnerability Management for WB Games Welcome to Warner Bros. Discovery… the stuff dreams are made of. Who We Are… When we say, “the stuff dreams are made of,” we’re not just referring to the world of wizards, dragons and superheroes, or even to the wonders of Planet Earth. Behind WBD’s vast portfolio of iconic content and beloved brands, are the storytellers bringing our characters to life, the creators bringing them to your living rooms and the dreamers creating what’s next… From brilliant creatives, to technology trailblazers, across the globe, WBD offers career defining opportunities, thoughtfully curated benefits, and the tools to explore and grow into your best selves. Here you are supported, here you are celebrated, here you can thrive. *Must work a hybrid schedule (3 days onsite) out of our NYC or Burbank office.* The Job The Principal, Security Engineering & Vulnerability Management for WB Games is a key leader within the Global Information and Content Security (GICS) team, implementing WBD's security strategy, policies, and standards across global WB Games operations. This critical role helps ensure timely, trustworthy, and fair-minded WB Games to audiences everywhere by driving the security of technical and digital operations. This Principal role is responsible for maintaining a strategic relationship with WB Games leadership, closely aligning WBD’s cybersecurity strategy with our evolving WB Games strategy. Job Responsibilities: Security Adoption - Act as the primary link between WB Games and WBD’s centralized cybersecurity functions, ensuring security initiatives are aligned with business goals and priorities. - Lead the adoption and enforcement of Global Information and Content Security policies and standards across WB Games business lines. - Partner with GICS leadership to drive adoption of core security services (Identity and Access Management, Logging and Monitoring, Detection and Response, Vulnerability Management, Product Security, Cloud Security, and Content Security) throughout global WB Games operations. - Provide direction and supervision on security-related projects and initiatives, ensuring compliance with global security standards and best practices. - Support enterprise and business-line regulatory and compliance requirements, developing implementation strategies that minimize operational impact and disruption. - Foster a strong security culture and promote awareness, accountability, and technical security measures across WBD’s global WB Games functions. Vulnerability and Threat - Lead the identification and reporting of key risk indicators (KRIs) for WB Games operations, driving analytics, metrics, and executive-level reporting to WBD leadership. - Drive vulnerability and threat remediation at scale across internet-facing and internal WB Games assets, partnering with engineering owners to prioritize exposures and reduce time-to-remediate. - Support security operations and incident response teams in the identification, investigation, and mitigation of cybersecurity incidents impacting WB Games. - Evaluate and recommend security solutions and tools that strengthen WB Games’ detection, response, and remediation capabilities. - Handle security exceptions for global WB Games operations, ensuring proper documentation, approval, risk acceptance, and periodic review. Secure Development - Partner with WB Games engineering and studio teams to integrate security throughout the software development lifecycle across GitHub and Perforce-based workflows. - Drive adoption of secure development tooling and controls — including SAST, DAST, secrets management, dependency scanning, branch protections, and CI/CD guardrails — embedded directly into developer pipelines. - Champion secure-by-design principles and threat modeling across game studios, live-service platforms, and online services. - Lead application and product security reviews for new game launches, major releases, and live-service features prior to public exposure. The Essentials - Executive presence, technical security expertise, business acumen, communication skills and alignment focus. - Bachelor’s degree in computer science, Engineering, or other related discipline preferred or 10+ years of previous technical security experience. - 10+ years of supervisory or management experience in a technical security environment. - Strong technical engineering background, with the ability to engage credibly with software, infrastructure, and platform engineering teams on architecture, code, and operational decisions. - Demonstrated experience securing the software development lifecycle, including hands-on familiarity with source control and build platforms used in games and media production, particularly GitHub and Perforce, and the ability to embed security controls (SAST/DAST, secrets management, branch protections, CI/CD guardrails) directly into developer workflows. - Proven track record in vulnerability and threat remediation at scale, prioritizing exposures, driving root-cause fixes with engineering owners, and reducing time-to-remediate for both internet-facing and internal assets in fast-moving threat environments. - Should possess proficiency in the technical aspects of cyber security, such as: - Cloud infrastructure and concepts, specifically the security aspects thereof - Application security topics such as the OWASP top 10. - SIEM & logging tools - Vulnerability Management and EDR/XDR toolsets. - Network and Compute architectures - Identity & Access Management and Privileged Access Management - Solid knowledge of various regulatory requirements and information security control frameworks (ISO, NIST, PCI, GDPR, CCPA, SOX). - Strong understanding of audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data security. - Hands-on experience with security practices such as security incident response and risk management. - Exceptional verbal and written communication skills, specifically the ability to communicate within the context of the intended audience, whether that be senior executives or highly technical engineering resources. Good understanding of Industry trends and emerging threats. - Experience in leading projects leveraging global teams with matrix resources. - Extensive experience in the information security field designing and implementing enterprise security solutions in a global context. The Nice to Haves - Experience in providing Cybersecurity services and modeling for Media, Broadcast & Entertainment companies. - Security certifications are a plus (CISSP, CISM, CISA, SANS, etc.) How We Get Things Done… This last bit is probably the most important! Here at WBD, our guiding principles are the core values by which we operate and are central to how we get things done. You can find them at www.wbd.com/guiding-principles/ along with some insights from the team on what they mean and how they show up in their day to day. We hope they resonate with you and look forward to discussing them during your interview. Championing Inclusion at WBD Warner Bros. Discovery embraces the opportunity to build a workforce that reflects a wide array of perspectives, backgrounds and experiences. Being an equal opportunity employer means that we take seriously our responsibility to consider qualified candidates on the basis of merit, without regard to race, color, religion, national origin, gender, sexual orientation, gender identity or expression, age, mental or physical disability, and genetic information, marital status, citizenship status, military status, protected veteran status or any other category protected by law. If you’re a qualified candidate with a disability and you require adjustments or accommodations during the job application and/or recruitment process, please visit our accessibility page for instructions to submit your request. In compliance with local law, we are disclosing the compensation, or a range thereof, for roles in locations where legally required. Actual salaries will vary based on several factors, including but not limited to external market data, internal equity, location, skill set, experience, and/or performance. Base pay is just one component of Warner Bros. Discovery’s total compensation package for employees. Pay Range: $177,170.00 - $329,030.00 salary per year. Other rewards may include annual bonuses, short- and long-term incentives, and program-specific awards. In addition, Warner Bros. Discovery provides a variety of benefits to employees, including health insurance coverage, an employee wellness program, life and disability insurance, a retirement savings plan, paid holidays and sick time and vacation. If you’re a qualified candidate with an arrest or conviction record, please know that your application will be considered in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Principal AI Security Specialist
ZscalerWe make it easy to secure your cloud transformation. Get fast, secure, and direct access to apps without appliances.
About Zscaler Zscaler accelerates digital transformation to ensure our customers can be more agile, efficient, resilient, and secure. As an AI-forward enterprise, we are constantly pushing the envelope, leveraging the world’s largest security data lake to power our cloud-native Zero Trust Exchange platform. This innovation protects our customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Here, impact in your role matters more than title and trust is built on results. We say, impact over activity. We seek innovators who actively use AI to amplify their impact and who thrive in an environment where we leverage intelligent systems to stay ahead of evolving threats. We believe in transparency and value constructive, honest debate—we’re focused on getting to the best ideas, faster. We build high-performing teams that can make an impact quickly and with high quality. To do this, we are building a culture of execution centered on customer obsession, collaboration, ownership, and accountability. We value high-impact, high-accountability with a sense of urgency where you’re enabled to do your best work and embrace your potential. If you’re driven by purpose, thrive on solving complex challenges, and want to be part of the team that’s helping to secure the AI age, we invite you to bring your talents to Zscaler and help shape the future of cybersecurity. About the RoleThe AI revolution is here, and enterprises are racing to adopt GenAI—but they cannot deploy what they cannot secure. Zscaler is seeking an experienced Principal AI Security Specialist to bridge the gap between cutting-edge AI innovation and robust enterprise security. In this highly strategic, field-facing role, you will combine the elite consultative strengths of a Solutions Engineer with deep expertise in LLMs, RAG architectures, and data protection. As our premier technical authority, you will partner with Fortune 500 executives and architects, serving as a trusted advisor to help them confidently unlock the power of AI without compromising their data or infrastructure. If you are a builder, an educator, and a master storyteller who thrives in a fast-evolving market, this is your chance to lead the industry's most critical conversation. What You’ll Do - Architect the AI Technical Strategy: Partner with enterprise account teams to own and execute the technical sales strategy, driving complex, high-value AI security opportunities from discovery to close. - Deliver Compelling, High-Impact Demos & POVs: Configure and present tailored, outcome-driven demonstrations of Zscaler’s AI security platform that resonate with both deep-tech practitioners and C-level executives. When needed, take customers through successful demos and POVs to validate Zscaler’s ability to securely enable enterprise AI. - Serve as a Subject Matter Expert: Act as the field authority on modern AI patterns (such as RAG, agents, and prompt workflows), advising clients on how to prevent sensitive data exposure and unsanctioned AI usage. - Scale the Field Motion: Collaborate with Product and Engineering to inject real-world customer feedback into the product roadmap, while building reusable demo assets and enablement playbooks to upscale our global sales force. - Enable Those Around You: Develop reusable demos, technical assets, competitive positioning, and enablement content to help scale Zscaler’s AI field motion while sharing best practices and training with enterprise account teams Who You Are (Success Profile) - You thrive in ambiguity. You're comfortable building the path as you walk it. You thrive in a dynamic environment, seeing ambiguity not as a hindrance, but as the raw material to build something meaningful. - You act like an owner. Your passion for the mission fuels your bias for action. You operate with integrity because you genuinely care about the outcome. You adapt to what’s needed, navigating seamlessly between high-level strategy and hands-on execution. - You are a high-trust collaborator. You are ambitious for the team, not just yourself. You embrace our challenge culture by giving and receiving ongoing feedback—knowing that candor delivered with clarity and respect is the truest form of teamwork and the fastest way to earn trust. - You are customer-obsessed. You build deep empathy for the customer—both internal and external—and anchor your decisions in solving their real-world problems. You champion their needs from start to finish, knowing their success is our success. - You are driven by innovation. You have a deep curiosity for how things work and are energized by solving complex technical challenges. You believe in the power of technology to accelerate transformation and are always looking for a better, more secure, and scalable way. What We’re Looking For - Deep Fluency in AI/GenAI: Strong foundational knowledge of Large Language Models (LLMs), retrieval-augmented generation (RAG), MCP (Model Context Protocol) orchestration patterns, and the inherent security risks associated with them. - 10+ Years of Solutions Engineering Mastery: A proven track record in a customer-facing technical role (Sales Engineering, Solutions Architecture, or Technical Advisory) navigating complex, enterprise-level sales cycles. - Enterprise Security Foundations: Solid grasp of cybersecurity principles, including Zero Trust architecture, data loss prevention (DLP), cloud-native security platforms, and API integrations. - Elite Executive Communication: Exceptional presentation and storytelling skills, with a demonstrated ability to seamlessly translate complex AI architectures into tangible business value and security outcomes. - Collaborate and Co-elevate: Successfully work cross-functionally with Sales, Solutions Engineering, Product, Engineering, Marketing, and other go-to-market teams in a hyper-growth, rapidly evolving market. Preferred Qualifications - Hands-on AI Prototyping: Interacting with LLM APIs, scripting, creating agentic automation routines, and building lightweight AI applications. - Advanced AI Risk Expertise: Direct experience helping enterprises deploy production AI technologies while navigating data leakage, model governance, compliance frameworks, and shadow AI usage. - Scale & Enablement Focus: A history of creating high-impact field assets, technical workshops, and competitive positioning content that helps broader go-to-market teams win. #LI-LK2 #LI-Hybrid At Zscaler, we are committed to building a team that reflects the communities we serve and the customers we work with. We foster an inclusive environment that values all backgrounds and perspectives, emphasizing collaboration and belonging. Join us in our mission to make doing business seamless and secure. Our Benefits program is one of the most important ways we support our employees. Zscaler proudly offers comprehensive and inclusive benefits to meet the diverse needs of our employees and their families throughout their life stages, including: - Various health plans - Time off plans for vacation and sick time - Parental leave options - Retirement options - Education reimbursement - In-office perks, and more! Learn more about Zscaler's hybrid working model and benefits here. By applying for this role, you adhere to applicable laws, regulations, and Zscaler policies, including those related to security and privacy standards and guidelines. Zscaler is committed to providing equal employment opportunities to all individuals. We strive to create a workplace where employees are treated with respect and have the chance to succeed. All qualified applicants will be considered for employment without regard to race, color, religion, sex (including pregnancy or related medical conditions), age, national origin, sexual orientation, gender identity or expression, genetic information, disability status, protected veteran status, or any other characteristic protected by federal, state, or local laws. See more information by clicking on the Know Your Rights: Workplace Discrimination is Illegal link. Pay Transparency Zscaler complies with all applicable federal, state, and local pay transparency rules. Zscaler is committed to providing reasonable support (called accommodations or adjustments) in our recruiting processes for candidates who are differently abled, have long term conditions, mental health conditions or sincerely held religious beliefs, or who are neurodivergent or require pregnancy-related support.
Offensive Security Specialist
Cybersecurity Advisors Network (CyAN)An international community of cyber advisors from various disciplines and background, who want to build a better future
• Perform scoped and open-ended assessments on internal and external facing systems. • Perform threat and vulnerability research to identify new ways of achieving the program’s mission and act as a source for innovation within the cybersecurity industry. • Develop and implement processes and/or tools that assist with execution of security assessments, including custom tools and automation. • Work with the customer to identify gaps and address findings.
M365 Security Engineer
jobs.beyonnex.iobeyonnex.io is part of noventic group, a pan-European group of companies driving climate intelligent management of real estate. The independently operating noventic brands manufacture sensors, radio hardware and control devices, offer services for the operation of IoT infrastructures in real estate, and operate Enterprise-IoT-Suite as well as applications for the realization of climate goals, comfort and profitability. With over 1,250 employees, the company now realizes a turnover of nearly €300 million and is considered the driver of innovation in the industry.
Role Description With a team of Information Security experts (m/f/d), the future position holder will be responsible to further improve the security posture over the whole noventic group and implement concepts groupwide. The following tasks will be part of your position: - Improve the security of our (hybrid) M365 tenants. Hands-on and in cooperation with M365 Administrators. - Coach and support our IT colleagues and teams to get beyond Microsoft's security mechanisms and concept. - Contribute to governance, security and compliance strategies within the Microsoft ecosystem (e.g. information protection, data classification). - Helping to maintain a security culture in our group through education and other activities. - Responding to and handling security incidents and improving the remediation processes. Qualifications - Several years of hands-on experience with Microsoft 365 security and Compliance (Entra ID, Defender, Intune, Purview, tenant configuration). - Knowledge of Zero Trust concepts and their practical implementation within the Microsoft security ecosystem. - Solid understanding of how configurations translate into real risk: You can distinguish between theoretical best practice and practical impact. - Curiosity and the ability to learn quickly with a problem-solving mindset. - Strong communication skills in both English and German (C1 or better). - You are located in Northern Germany and willing to travel to the headquarter in Hamburg from time to time. Requirements - Interest in emerging topics like AI security and Copilot governance. - Experience with multi-tenant environments or complex organizational structures. - Experience in migration of On-Prem Microsoft Systems to M365. - Experience with security standards (ISO 27001, NIST, etc.) – especially translating them into technical controls. Benefits - Modern hardware and the opportunity to work with cutting-edge technologies. - Besides our 100% remote work possibility, we offer an office in Hamburg (Hammerbrook) and Munich for a more personal collaboration. - Space and budget for personal growth. - Flexible working hours. - 30 days vacation. - Events for employees to celebrate our achieved goals and great team-spirit. - Community of Practice and Knowledge Nuggets for improving your skills. - Corporate Benefits and Mental Health Programme. - Subsidized Urban Sports Club membership. - Jobticket. - JobRad-Leasing. - Coffee, tea and water for free in our office. What's next? If you are interested in the role, this is the way how to proceed: - Send us your complete application documents (curriculum vitae and references). - Once you've submitted an application, if successful, you will directly get in touch with our HR team. - You'll meet potential team members of beyonnex to get more information about our company and why we love to work at beyonnex. - In case you have any questions about the offered position, your application or the application process, send us an email to jobs@beyonnex.io.
Role Description We are looking for a Junior Security Engineer to join our Information Security team. This is a hands-on, operational role across a broad range of security disciplines. You will be responsible for the day-to-day health of our security environment: - Monitoring and responding to SOC alerts - Managing our email and endpoint security platforms - Conducting basic log analysis - Supporting our vulnerability management program You will work closely with senior security personnel and IT teams to keep our environment protected and our response capabilities sharp. This role is ideal for someone who takes ownership, communicates clearly, and is eager to grow into a more senior security role over time. This role requires access to CUI and a FedRAMP/GovCloud-hosted environment. Candidates must be U.S. citizens physically located and working within the United States. Qualifications - 1–2 years of experience in a security, IT, or systems administration role; relevant internships and co-ops are welcome. - Foundational understanding of networking concepts including TCP/IP, DNS, HTTP/S, firewalls, and VPNs. - Familiarity with Windows and Linux operating systems in an enterprise environment. - Basic understanding of common attack techniques, threat actor TTPs, and the MITRE ATT&CK framework. - Experience working within a ticketing system such as ServiceNow, Jira, or Zendesk. - Strong analytical and problem-solving skills with high attention to detail. - Clear written and verbal communication skills with the ability to document findings and escalate appropriately. - Ability to manage competing priorities in a fast-paced, team-oriented environment. Requirements - Monitor and triage SOC alerts from SIEM, EDR, and email security platforms, investigating and escalating threats according to established runbooks and incident response procedures. - Manage the day-to-day security ticket queue, ensuring timely resolution, accurate documentation, and clear stakeholder communication from open to close. - Administer our email security platform, including policy configuration, quarantine management, phishing investigation, and ongoing tuning to reduce false positives while maintaining strong threat coverage. - Operate and maintain EDR — monitoring detections, investigating endpoint alerts, managing agent deployment and updates, performing remediation actions, and tuning policies to minimize noise without reducing visibility. - Perform basic log analysis and SIEM querying to identify anomalous or malicious activity, support incident investigations, and assist in onboarding new log sources. - Support the vulnerability management program by reviewing and prioritizing CVE and scan findings based on risk and asset criticality, coordinating remediation with IT and engineering teams, and tracking patching progress. - Research newly disclosed CVEs to assess organizational relevance and provide timely internal guidance on recommended action. - Assist in the administration and tuning of additional security controls including firewalls, DLP, MFA, and network monitoring solutions. - Support identity and access management tasks including MFA enrollment, access reviews, and privileged account monitoring in alignment with least-privilege principles. - Participate in phishing simulations and security awareness activities, helping to educate end users and reduce human risk. - Contribute to the development and maintenance of security runbooks, standard operating procedures, and documentation. - Support security projects including tool evaluations, policy development, and compliance initiatives such as SOC 2, ISO 27001, or NIST CSF. Benefits - Salary Range: $64,000–$75,000 - This base pay range will vary depending on experience, qualifications, and location.


