Inside Radio Jobs
Inside Radio Jobs
Header navigation

Senior Application Security Engineer

companyiHeart Media
locationSan Antonio, TX, USA
PublishedPublished: 2/2/2024
Full Time


Current employees and contingent workers click here to apply and search by the Job Posting Title.

The audio revolution is here - and iHeart is leading it! iHeartMedia, the number one audio company in America, reaches 90% of Americans every month -- a monthly audience that's twice the size of any other audio company - almost three times the size of the largest TV network - and almost 4 times the size of the largest ad-supported music streaming service. In fact, we have:

  • More #1 rated markets than the next two largest radio companies combined;
  • We're the largest podcast publisher, with more monthly downloads than the second- and third-largest podcast publishers combined. Podcasting, the fastest-growing new media, today has more monthly users than streaming music services or Netflix;
  • iHeart is the home of many of the country's most popular and trusted on-air personalities and podcast influencers, who build important connections with hundreds of communities across America;
  • We create and produce some of the most popular and well-known branded live music events in America, including the iHeartRadio Music Festival, the iHeartRadio Music Awards, the iHeartCountry Festival, iHeartRadio Fiesta Latina and the iHeartRadio Jingle Ball Tour;
  • iHeartRadio is the #1 streaming radio digital service in America;
  • Our social media footprint is 7 times larger than the next largest audio service; and
  • We have the only complete audio ad technology stack in the industry for all forms of audio, from on demand to broadcast radio, digital streaming radio and podcasting, which bring data, targeting and attribution to all forms of audio at an unparalleled scale. As a result, we're able to combine our strong leadership position in audience reach, usage and ad tech with powerful tools and insights for our sales organizations to help them build success for their clients at a more efficient cost than any other option.

Because we reach almost every community in America, we're committed to providing a range of programming that reflects the diversity of the many communities we serve - and our company reflects that same kind of diversity. Our company values stress collaboration, curiosity, welcoming dissent, accepting mistakes in the pursuit of new ideas, and respect for everyone.

Only one company in America has the #1 position in everything audio: iHeartMedia!

If you're excited about this role but don't feel your experience aligns perfectly with the job description, we encourage you to apply anyway. At iHeartMedia we are dedicated to building a diverse, inclusive, and authentic workplace and are looking for teammates passionate about what we do!

What We Need:
You will serve as a technical subject matter expert with a secure developer attitude. Help design, define, and implement security requirements, controls, and processes to enable the secure development and function of applications. Perform architecture analysis, threat modeling and technical design reviews of sensitive features and infrastructure to highlight risk and help the development and engineering teams improve the overall security of our products.

Someone with solid Python, Go, or other scripting language where your creativity can help develop security tools and automation.

You will also be partnering with application service teams to implement application security standards, patterns, and guidelines. Educate developers in application security best practices. Help create, enhance, and maintain application security documentation and provide guidance to developers.

Evaluates and recommends new and emerging security products and technologies.

What You'll Do:

  • Show an aptitude for leadership both through practice maturation and by mentoring team members.
  • Work independently and collaboratively with various teams.
  • Implement, onboard, and enforce Application Security tools (SAST, SCA, IaC, DAST and IAST), including cloud-based CI/CD Pipelines.
  • Coordinate software security initiatives with various teams.
  • Conduct and build data flow diagrams & threat modeling with application teams.
  • Manual and tool-based vulnerability management of priority issues.
  • Assist in developing Source Code Review and application security checklists.
  • Advise developers on how to implement security into DevSecOps CI/CD pipelines
  • Secure code repos and release environments/tools.
  • Perform application & mobile pentesting.
  • Lead application security projects and work with vendors to assess new appsec tools, follow through with implementation, and everyday use.

What You'll Need:

  • An analytical mind for problem solving, abstract thought, and offensive security tactics.
  • Highly effective communication skills, in both verbal and written forms, to effectively convey technical and non-technical concepts to a wide variety of audiences.
  • Current experience in security testing, assessment, and methodologies (including browser-based, API, CI/CD pipeline, and Mobile)
  • Strong working knowledge of at least two programming or scripting languages, preferably Java. Having C++, C#, or Python, and mastery of object-oriented design and programming helpful.
  • Developer focus and mid-level knowledge of tools such as Terraform, Kubernetes, Serverless functions, and Jenkins.
  • Current experience in secure architectural design review, threat modeling, and technical design reviews, desired.
  • Strong knowledge of CI/CD processes, and tools to use at each stage, including SAST, SCA, IaC, DAST, IAST and application pen testing.
  • Working knowledge on exploiting and fixing application vulnerabilities
  • Familiarity with repository management, such as Github, TFS, AWS or Azure.
  • Familiarity with manual and automated vulnerability management and resolution across multiple teams.
  • Familiarity with securing cloud-based resources, including containers and other basic services, in AWS, GCP, or Azure.
  • Knowledge of configuration and information management analysis, such as XML, JSON, etc.
  • Strong understanding of security principles, policies, and industry best practices.
  • Familiarity with Open Web Application Security Project (OWASP), Software Assurance Maturity Model (SAMM), Application Security Verification Standard (ASVS), National Institute of Standards and Technology (NIST) Special Publications.
  • Minimum of 3 years' experience in Application Security
  • Minimum of 5 years' in Software Development
  • Minimum of 3 years' experience supporting security in CI/CD pipelines
  • Must have: Bachelor's Degree or 7 years developer experience with 3 years of application security or equivalent required
  • Nice to have: Certifications in Security, Kubernetes, Docker, AWS, or equivalent.
  • Requires the ability to stay focus and follow through on tasks and in a timely manner

What You'll Bring:

  • Respect for others and a strong belief that others should do this in return
  • Expertise with various technical disciplines and applications
  • Close attention to detail and quality orientation
  • Ability to multitask on a variety of critical projects
  • Ability to work independently, while also collaborating with others
  • Strong communication skills, particularly when explaining complex technical information
  • Ability to provide solutions to problems in situations that are atypical/infrequent
  • Analytical thinking and the ability to identify patterns
  • Efficiency with own work and impact of team results
  • Informal leadership capabilities with an interest in mentoring less experienced team members


Salary to be determined by multiple factors including but not limited to relevant experience, knowledge, skills, other job-related qualifications, and alignment with market data.

$125,600 - $157,000

San Antonio, TX: 20880 Stone Oak Parkway, 78258

Position Type:

Time Type:
Full time

Pay Type:


iHeartMedia's benefits offering is flexible and offers a variety of choices to meet the diverse needs of our changing workforce, including the following:

  • Employer sponsored medical, dental and vision with a variety of coverage options
  • Company provided and supplemental life insurance
  • Paid vacation and sick time
  • Paid company holidays, including a floating holiday that enable our employees to celebrate the holiday of their choosing
  • A Spirit day to encourage and allow our employees to more easily volunteer in their community
  • A 401K plan
  • Employee Assistance Program (EAP) at no cost - services include telephonic counseling sessions, consultation on legal and financial matters, emotional well-being, family and caregiving
  • A range of additional voluntary programs, such as spending accounts, student loan refinancing, accident insurance and more!

We are accepting applications for this role on an ongoing basis.

The Company is an equal opportunity employer and will not tolerate discrimination in employment on the basis of race, color, age, sex, sexual orientation, gender identity or expression, religion, disability, ethnicity, national origin, marital status, protected veteran status, genetic information, or any other legally protected classification or status.

Non-Compete will be required for certain positions and as allowed by law.

Our organization participates in E-Verify. Click here to learn about E-Verify.

Required skills

  • Live Broadcast
  • Java
  • C++
Loading interface...
Loading interface...
Loading interface...
Loading interface...
Loading interface...
Loading interface...