Fanatics

Sr. Application Security Engineer

Hyderabad, India Remote Hybrid
Python Ruby Objective-C PHP AWS JavaScript Go C# Chef Microservices Java Git Azure GCP API
Description

Fanatics is searching for an experienced application security specialist to help protect Fanatics-developed applications which are used externally and internally. A successful candidate will display strong communication and technical skills and be comfortable and effective working independently and as part of a larger, highly distributed team.
We're looking specifically for folks who place an emphasis on usable security and scaling successfully through automation. Fanatics is a fast-growing company, and our security program needs to be able to keep pace with that growth while not disrupting innovation.
Responsible for continually improving product security by partnering with developers in all phases of software development life cycle. Work with teams to ensure security standards are maintained on the design and implementation of applications and systems in cloud and on-premises environments.

 

EXPERIENCE REQUIRED:

  • A minimum of 7+ years of experience.

 

RESPONSIBILITIES:

  • Establish security best practices and processes for our mobile, on-premises and cloud-based platforms.
  • Provide expert knowledge and guidance to the product teams about security vulnerabilities and remediation controls.
  • Support and consult with product and development teams in the area of application security, including threat modeling and Application Security reviews.
  • Implement, continuously develop, and maintain Secure Software Development Lifecycle (SDLC) processes and a software maturity model.
  • Perform threat modeling, secure design, and source code review.
  • Conduct security assessments, security testing and validation of vulnerability scan results.
  • Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
  • Incorporate security tools/tasks to automate product development and deployment.
  • Develop, implement, and automate defensive controls, creating and tuning tools and rules to detect and address malicious activity. Responsible for integration of security controls into SDLC.
  • Establish a supply chain security process and ensure third-party software meets the standards.
  • Facilitate injection, integration, and compliance for Static Application Security Testing (SAST), Container Security Scanning & Open-Source Security Analysis during development phase.
  • Facilitate injection, integration, and compliance for Dynamic Application Security Testing (DAST)
  • Contribute to triaging, addressing security issues and tracking remediation.
  • Own and manage Secure SDLC tooling.
  • Develop and customize security tools used by security teams and developers.
  • Work closely with development teams to build security directly into their SDLCs.
  • Provide remediation guidance to programmers and management.
  • Support the bug bounty program.
  • Support the preparation of security releases.
  • Mentor and train development teams on secure coding standards and techniques. Develop Secure Coding Program.
  • Constantly innovate at the pace of the adversary using the latest techniques.

GENERAL KNOWLEDGE, SKILLS & ABILITIES:   

  • In-depth knowledge of web and mobile security vulnerabilities, attack vectors and mitigation techniques 
  • Experience with multiple programming languages (Java, JavaScript, Go, Python, Ruby, Objective-C, C#, PHP), with hands-on coding experience in at least one scripting and one object-oriented programming language.
  • Fluent with security testing with SAST, SCA, DAST, IAST, Fuzz and penetration testing tools 
  • Understanding of application security standards such as OWASP ASVS/Top 10 and CWE Top 25
  • Ability to discover and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond). 
  • Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP. 
  • Knowledge of DevSecOps to maintain security in CI/CD pipeline. 
  • Solid experience with security tools like Semgrep, Checkmarx, Veracode, Burp Suite, Snyk, Nessus
  • Familiar with tools like Git, Jenkins, CircleCI, Maven, Ant, Gradle, Nexus, SonarQube, Artifactory, Chef, Splunk 
  • Experience writing custom rules for static analysis tools. 
  • Experience with API Security, IaC, Containerization, RASP, IAST 
  • Experience with microservices, container deployment and service orchestration
  • Strong knowledge of cryptography, API security, and secret management 
  • Ability to clearly and effectively communicate concerns and issues to the management and engineers. 
  • Experience with Cloud (AWS, Azure, GCP) Security 
  • Experience writing tools to automate tasks and integrate systems using scripting languages like Go, Python and REST APIs.  
  • Experience in delivering and educating development groups in Secure Coding 
  • Expertise with common vulnerabilities and attack vectors. 
  • Experience integrating security tools into developer pipelines. 
  • DevOps experience managing deployment and configuration. 

 

GENERAL SKILLS INCLUDE: 

  • Strong critical thinking and analytical skills 
  • Ability to approach problem solving in a constructive and collaborative way that does not require absolute security.  
  • The ability to communicate complicated technical issues and risks to programmers, network engineers and managers. 
  • Strong leadership, project, and team-building skills 
  • Exceptional communication skills with diverse audiences; the ability to be an application security subject matter expert who can explain relevant topics to general audiences. 

 

EDUCATIONAL REQUIREMENTS:

  • Bachelor’s degree in Computer Science, Information Systems, or equivalent combination of education and experience
  • Certifications in the field of Information Security (at least one of the following: CISSP, CEH, GIAC, CWAPT, GWAPT, GWEB)

 

Fanatics is building a leading global digital sports platform. We ignite the passions of global sports fans and maximize the presence and reach for our hundreds of sports partners globally by offering products and services across Fanatics Commerce, Fanatics Collectibles, and Fanatics Betting & Gaming, allowing sports fans to Buy, Collect, and Bet. Through the Fanatics platform, sports fans can buy licensed fan gear, jerseys, lifestyle and streetwear products, headwear, and hardgoods; collect physical and digital trading cards, sports memorabilia, and other digital assets; and bet as the company builds its Sportsbook and iGaming platform. Fanatics has an established database of over 100 million global sports fans; a global partner network with approximately 900 sports properties, including major national and international professional sports leagues, players associations, teams, colleges, college conferences and retail partners, 2,500 athletes and celebrities, and 200 exclusive athletes; and over 2,000 retail locations, including its Lids retail stores. Our more than 22,000 employees are committed to relentlessly enhancing the fan experience and delighting sports fans globally. 
Fanatics Commerce is a leading designer, manufacturer, and seller of licensed fan gear, jerseys, lifestyle and streetwear products, headwear, and hardgoods. It operates a vertically-integrated platform of digital and physical capabilities for leading sports leagues, teams, colleges, and associations globally – as well as its flagship site, www.fanatics.com. 

Fanatics Commerce has a broad range of online, sports venue, and vertical apparel partnerships worldwide, including comprehensive partnerships with leading leagues, teams, colleges, and sports organizations across the world—including the NFL, NBA, MLB, NHL, MLS, Formula 1, and Australian Football League (AFL); the Dallas Cowboys, Golden State Warriors, Paris Saint-Germain, Manchester United, Chelsea FC, and Tokyo Giants; the University of Notre Dame, University of Alabama, and University of Texas; the International Olympic Committee (IOC), England Rugby, and the Union of European Football Associations (UEFA).