Cloud Security Architect

Cloud Security Architect

Welcome to Warner Bros. Discovery… the stuff dreams are made of.

When we say, "the stuff dreams are made of," we're not just referring to the world of wizards, dragons and superheroes, or even to the wonders of Planet Earth. Behind WBD's vast portfolio of iconic content and beloved brands, are the storytellers bringing our characters to life, the creators bringing them to your living rooms and the dreamers creating what's next…

From brilliant creatives, to technology trailblazers, across the globe, WBD offers career defining opportunities, thoughtfully curated benefits, and the tools to explore and grow into your best selves. Here you are supported, here you are celebrated, here you can thrive.

Must work a hybrid schedule (3 days onsite) out of our DC or Silver Spring office.

The Cloud Security Architect is a hands-on security leader with deep expertise in designing, securing, and assessing enterprise-scale public cloud environments. As a lead member of the Warner Bros. Discovery (WBD) Cloud Security team, this role partners closely with engineering and product teams to embed security into cloud architectures, platforms, and workflows across AWS, with a working knowledge and experience of Azure and GCP in case of emergency support/maintenance is required.

Role Responsibilities:

• Serve as a Cloud Security Subject Matter Expert (SME) for Warner Bros. Discovery's Information Security organization, providing authoritative guidance on public cloud security architecture and engineering.
• Proactively identify cloud security risks across AWS, Azure, and GCP environments, design pragmatic mitigation strategies, and lead or influence implementation efforts in partnership with engineering teams.
• Design and produce clear, actionable architecture and security design artifacts to enable the Cloud Security team to implement solutions, whether developed in-house or delivered via third-party vendors.
• Partner closely with product and platform engineering teams to design, review, and validate secure network, compute, container, and serverless architectures.
• Provide hands-on IAM guidance, including policy design and review, to ensure least-privilege access models are consistently implemented across cloud environments.
• Review cloud architecture and AI/ML workloads to advise development teams on secure design patterns, data protection, identity controls, and potential security gaps prior to deployment.
• Engage with public cloud service providers to evaluate and influence security features, roadmap capabilities, and best-practice implementations.
• Evaluate cloud security vendors and tools (including CSPM/CNAPP platforms), conduct proof-of-value assessments, and provide recommendations based on technical fit and risk reduction.
• Mentor and support junior cloud security team members through technical guidance, design reviews, and knowledge sharing.
• Develop and maintain cloud security documentation, including architectural standards, reference designs, configuration guidelines, and operational processes.
• Collaborate with senior leadership and cross-functional stakeholders to assess current and future cloud security requirements and align solutions with business and technology strategy.
• Continuously stay current with emerging cloud threats, attack techniques, and security tooling, applying this knowledge to improve WBD's cloud security posture.

Qualifications & Experience Required:

• Bachelor's degree in computer science, Information Security, or a related technical discipline, or equivalent practical experience with 6-8 years of strong experience.
• Strong hands-on understanding of public cloud infrastructure components and architectures, with demonstrated ability to identify and mitigate security risks in decentralized, hybrid, and multi-account cloud environments.
• Solid understanding of information security principles, risk management, and compliance frameworks, and how they apply to large-scale public cloud platforms.
• Proven experience designing, building, and securing AWS-based cloud environments, with meaningful hands-on experience in Azure; exposure to GCP is a plus.
• Ability to automate security processes end-to-end and collaborate closely with cloud engineering and product teams to integrate security into CI/CD pipelines and development workflows.
• Proficiency in at least one modern scripting or programming language (e.g., Python, Go, or Node.js) for automation, tooling, and integrations.
• Strong foundational knowledge of IP networking concepts, including routing, VPNs, DNS, and network segmentation in cloud environments.
• Hands-on experience in several of the following areas:
• Cloud security administration across AWS, Azure, and/or GCP
• Designing and securing serverless applications and managed cloud services
• Infrastructure-as-Code tools such as Terraform, CloudFormation, or Ansible
• Command-line tooling (Bash, PowerShell, AWS CLI, Azure CLI)
• Container and orchestration technologies (Docker, Kubernetes)
• Cloud network architecture and VPC/VNet engineering
• Cloud-native security services (e.g., AWS GuardDuty, Azure Defender for Cloud, GCP Security Command Center, WAF)
• Source control and pipeline security (e.g., GitHub Security features)
• Excellent verbal and written communication skills, with the ability to clearly articulate complex technical concepts to both technical and non-technical audiences.
• Demonstrated ability to manage multiple priorities and remain effective in a fast-paced, rapidly changing environment.
• Strong curiosity and commitment to continuous learning, with a desire to stay current on emerging cloud security threats, tools, and best practices.

The Nice to Haves:

• One or more current cloud provider certifications demonstrating advanced knowledge of cloud architecture and security, such as:
• AWS: Solutions Architect (Associate or Professional), Security – Specialty
• Azure: Azure Fundamentals, Azure Solutions Architect Expert
• GCP: Associate Cloud Engineer, Professional Cloud Security Engineer
• Industry-recognized security certifications reflecting a strong security foundation, such as CISSP or CompTIA Security+.
• Hands-on experience with cloud security platforms and tooling, including CSPM/CNAPP solutions (e.g., Wiz), SIEM and observability tools (e.g., Splunk), and cloud risk or asset management platforms (e.g., Brinqa).
• Experience integrating security tooling and workflows with engineering collaboration platforms such as Slack, Jira, and CI/CD pipelines.

Championing Inclusion at WBD

Warner Bros. Discovery embraces the opportunity to build a workforce that reflects a wide array of perspectives, backgrounds and experiences. Being an equal opportunity employer means that we take seriously our responsibility to consider qualified candidates on the basis of merit, without regard to race, color, religion, national origin, gender, sexual orientation, gender identity or expression, age, mental or physical disability, and genetic information, marital status, citizenship status, military status, protected veteran status or any other category protected by law.

If you're a qualified candidate with a disability and you require adjustments or accommodations during the job application and/or recruitment process, please visit our accessibility page for instructions to submit your request.

In compliance with local law, we are disclosing the compensation, or a range thereof, for roles in locations where legally required. Actual salaries will vary based on several factors, including but not limited to external market data, internal equity, location, skill set, experience, and/or performance. Base pay is just one component of Warner Bros. Discovery's total compensation package for employees. Pay Range: $133,140.00 - $247,260.00 salary per year. Other rewards may include annual bonuses, short- and long-term incentives, and program-specific awards. In addition, Warner Bros. Discovery provides a variety of benefits to employees, including health insurance coverage, an employee wellness program, life and disability insurance, a retirement savings plan, paid holidays and sick time and vacation.