Security Engineer, Global News & Journalism

Warner Bros. Discovery•Washington, DC

8d•Hybrid

About The Position

Welcome to Warner Bros. Discovery… the stuff dreams are made of. Who We Are… When we say, “the stuff dreams are made of,” we’re not just referring to the world of wizards, dragons and superheroes, or even to the wonders of Planet Earth. Behind WBD’s vast portfolio of iconic content and beloved brands, are the storytellers bringing our characters to life, the creators bringing them to your living rooms and the dreamers creating what’s next… From brilliant creatives, to technology trailblazers, across the globe, WBD offers career defining opportunities, thoughtfully curated benefits, and the tools to explore and grow into your best selves. Here you are supported, here you are celebrated, here you can thrive. Must work a hybrid schedule (3 days onsite) out of our downtown DC office. Role & Responsibilities: Embedded Security Engineering & Newsroom Partnership Accountable technical security leader for Global News and Journalism business units. Serve as a trusted advisor to newsroom executives, product leaders, and engineering leadership on security strategy, risk posture, and operational resilience. Proactively embed security into the lifecycle of editorial tools, publishing platforms, broadcast systems, and third-party vendor integrations. Translate enterprise security architecture into pragmatic, scalable solutions tailored to the speed and sensitivity of newsroom operations. Identify and mitigate systemic risks introduced by field reporting, conflict-zone deployments, remote production, and time-critical publishing workflows. Drive secure-by-design principles across newsroom technologies while balancing journalistic independence and operational urgency. Influence roadmap decisions to ensure security requirements are prioritized alongside product and delivery objectives. Provide actionable technical guidance to product, engineering, and senior leadership. Security Control Implementation & Validation Own the implementation, effectiveness, and continuous improvement of security controls protecting newsroom environments. Lead cross-functional initiatives with Identity, Cloud Security, Endpoint, and SOC teams to design and enforce controls including: SSO, MFA, conditional access, and privileged access governance EDR/XDR deployment and device trust enforcement SaaS security architecture (Google Workspace, M365, collaboration and publishing platforms) Logging, monitoring, alerting, and data protection strategies Conduct attack surface analysis across identity, cloud, SaaS, and remote access ecosystems; drive measurable exposure reduction. Establish security baselines for high-risk journalist populations and global field operations. Own vulnerability remediation strategy for newsroom assets, holding stakeholders accountable for risk reduction timelines. Translate risk findings into prioritized engineering initiatives and influence backlog planning. Develop automation and scalable guardrails to reduce manual processes and strengthen proactive security enforcement. Threat Contextualization & Risk Advisory Lead contextual risk assessments tailored to journalists, investigative teams, and high-visibility anchors operating in hostile digital and geopolitical environments. Interpret threat intelligence specific to media organizations, elections, geopolitical conflict, and disinformation campaigns. Design protective controls and response frameworks for account takeovers, impersonation, doxxing, coordinated harassment, and brand abuse. Establish hardened account standards for high-profile journalists and executives. Develop escalation playbooks and executive briefing materials during elections, major geopolitical events, and crisis coverage. Partner with communications, legal, and trust & safety teams to address online abuse and platform-based threats. Provide forward-looking threat modeling to anticipate emerging risks to press freedom and newsroom credibility. Incident Coordination & Technical Response Serve as the technical lead during security incidents affecting News and broadcast systems. Provide system and workflow context to SOC and Incident Response teams. Support forensic analysis across SaaS, endpoints, and cloud environments. Lead post-incident technical reviews and drive durable remediation across identity, SaaS, endpoint, and cloud platforms. Own security hardening initiatives following incidents or threat campaigns targeting journalists. Strengthen business continuity and resilience planning for newsroom operations. Metrics, Reporting & Governance Alignment Maintain visibility into security posture across news and journalism Business units. Track remediation timelines, control adoption, and exposure reduction. Provide concise technical risk summaries to business and security leadership.

Requirements

6+ years of hands-on experience in cybersecurity engineering, security architecture, or security operations.
Bachelor's degree in computer science, engineering or security related field.
Strong working knowledge of: Identity & Access Management (SSO, MFA, conditional access) Endpoint security & EDR/XDR platforms Cloud security (AWS, Azure, or GCP) SaaS security hardening Vulnerability management workflows Incident response and investigation processes
Ability to review technical configurations and validate control effectiveness.
Experience partnering with cross-functional technical and non-technical stakeholders.
Proven ability to operate independently and lead initiatives without direct authority.
Strong analytical and problem-solving skills.
Excellent written and verbal communication skills, with the ability to brief senior leaders and business stakeholders.
Comfort working in fast-paced, high-visibility environments where operational continuity is critical.
Collaborative mindset with experience partnering across legal, compliance, engineering, and business teams.

Nice To Haves

Experience supporting journalists, newsroom systems, or high-risk user populations.
Familiarity with threats targeting media organizations or election infrastructure.
Experience in global, distributed operational environments.
Certifications such as CISSP, GIAC, or equivalent technical credentials.

Responsibilities

Accountable technical security leader for Global News and Journalism business units.
Serve as a trusted advisor to newsroom executives, product leaders, and engineering leadership on security strategy, risk posture, and operational resilience.
Proactively embed security into the lifecycle of editorial tools, publishing platforms, broadcast systems, and third-party vendor integrations.
Translate enterprise security architecture into pragmatic, scalable solutions tailored to the speed and sensitivity of newsroom operations.
Identify and mitigate systemic risks introduced by field reporting, conflict-zone deployments, remote production, and time-critical publishing workflows.
Drive secure-by-design principles across newsroom technologies while balancing journalistic independence and operational urgency.
Influence roadmap decisions to ensure security requirements are prioritized alongside product and delivery objectives.
Provide actionable technical guidance to product, engineering, and senior leadership.
Own the implementation, effectiveness, and continuous improvement of security controls protecting newsroom environments.
Lead cross-functional initiatives with Identity, Cloud Security, Endpoint, and SOC teams to design and enforce controls including: SSO, MFA, conditional access, and privileged access governance EDR/XDR deployment and device trust enforcement SaaS security architecture (Google Workspace, M365, collaboration and publishing platforms) Logging, monitoring, alerting, and data protection strategies
Conduct attack surface analysis across identity, cloud, SaaS, and remote access ecosystems; drive measurable exposure reduction.
Establish security baselines for high-risk journalist populations and global field operations.
Own vulnerability remediation strategy for newsroom assets, holding stakeholders accountable for risk reduction timelines.
Translate risk findings into prioritized engineering initiatives and influence backlog planning.
Develop automation and scalable guardrails to reduce manual processes and strengthen proactive security enforcement.
Lead contextual risk assessments tailored to journalists, investigative teams, and high-visibility anchors operating in hostile digital and geopolitical environments.
Interpret threat intelligence specific to media organizations, elections, geopolitical conflict, and disinformation campaigns.
Design protective controls and response frameworks for account takeovers, impersonation, doxxing, coordinated harassment, and brand abuse.
Establish hardened account standards for high-profile journalists and executives.
Develop escalation playbooks and executive briefing materials during elections, major geopolitical events, and crisis coverage.
Partner with communications, legal, and trust & safety teams to address online abuse and platform-based threats.
Provide forward-looking threat modeling to anticipate emerging risks to press freedom and newsroom credibility.
Serve as the technical lead during security incidents affecting News and broadcast systems.
Provide system and workflow context to SOC and Incident Response teams.
Support forensic analysis across SaaS, endpoints, and cloud environments.
Lead post-incident technical reviews and drive durable remediation across identity, SaaS, endpoint, and cloud platforms.
Own security hardening initiatives following incidents or threat campaigns targeting journalists.
Strengthen business continuity and resilience planning for newsroom operations.
Maintain visibility into security posture across news and journalism Business units.
Track remediation timelines, control adoption, and exposure reduction.
Provide concise technical risk summaries to business and security leadership.