Description
POSITION DESCRIPTION:
Fanatics is searching for an experienced infrastructure security specialist to help protect Fanatics infrastructure. A successful candidate will display strong communication and technical skills and be comfortable and effective working independently and as part of a larger, highly distributed team.
We're looking specifically for folks who place an emphasis on usable security and scaling successfully through automation. Fanatics is a fast-growing company, and our security program needs to be able to keep pace with that growth while not disrupting innovation.
Responsible for continually improving product security by partnering with infrastructure in all phases of the development and deployment process. Work with various Infrastructure teams to identify and mitigate security issues, vulnerabilities, and misconfigurations by applying their in-depth knowledge of operating systems, infrastructure, and cloud providers. Work very closely with the Security Operations Team and share their findings in a proactive manner. Work with teams to ensure security standards are maintained on the design and implementation of platforms and systems in cloud and on-premises environments.
RESPONSIBILITIES:
- Establish security best processes and practices for our mobile, on-premises and cloud-based platforms.
- Support infrastructure teams from the perspective of security engineering by injecting appropriate security controls
- Establish and maintain Infrastructure as code scanning engine
- Establish and maintain infrastructure vulnerability management engine
- Build tooling to ensure Security Engineering can deliver often and with confidence
- Defining security controls for all aspects of our on-premise and cloud infrastructure
- Managing cryptography and encryption controls
- Coordinate security implementation work with Infrastructure teams and other members of Security Department
- Managing Web Application Firewall (building new rules, maintaining existing, monitoring and adjusting according to the signals)
- Working with analysts, engineers, and data scientists across the organization to continually improve cyber resilience.
- Managing KMS, Secrets, certificate management platforms
- Support the regulatory compliance initiatives, processes and documentation for ISO 27001, PCI, SOC2, etc.
- Assist with incident response practices including incident management, coordination, analysis and investigation of potential security events
- Design and implement safeguards by working with others to progress cloud security posture in the form of software, hardware, or operating procedures
- Monitor environments with performing setup of tools, logging and monitoring, and threat detection to determine if any attacks on cloud systems working with the SOC
- Constantly innovate at the pace of the adversary using latest techniques.
EDUCATIONAL REQUIREMENTS:
- Bachelor’s degree in computer science, Information Systems, or equivalent combination of education and experience
- Certifications in the field of Information Security (at least one of the following: AWS Solutions Architect, AWS Security Specialty, CISSP, CEH, GIAC)
EXPERIENCE REQUIRED:
- 10+ years of experience in related IT Security environment
GENERAL KNOWLEDGE, SKILLS & ABILITIES:
- Serve as a mentor to other Infrastructure Security team members, providing guidance and support
- Drive the most difficult and complex infrastructure security reviews and threat modeling.
- Develop, evangelize and monitor the adoptions of sound security practices
- Champion recruiting activities
- Have significant ownership in and evangelize security training with infrastructure teams
- Subject Matter Expert (SME) in at least 1 technical areas impacting the security of the infrastructure
- Author technical security documents
- Author questions/processes for hiring and screening candidates
- In-depth knowledge of infrastructure security vulnerabilities, attack vectors and mitigation techniques
- Demonstrated experience in cloud security, systems security, site-reliability engineering
- Demonstrated experience with Linux/Windows/Mac Operating Systems and common OS hardening practices
- Demonstrated experience with running systems at scale
- Proficiency in succinctly document technical details
- Demonstrated ability and experience to identify and mitigate security issues, misconfigurations and vulnerabilities related to cloud, container and Kubernetes infrastructure
- Ability to implement new and update existing security measures for the protection of the Fanatics infrastructure
- Demonstrated experience to utilize log ingestion platforms for security analytics and identification of tactics, techniques and patterns of attackers.
- Demonstrated experience to contribute to the creation of the runbooks
- Demonstrated experience to the production and tuning of detection rules
- Demonstrated experience managing KMS, Secrets management, Certificate Management platforms: Akeyless, Hashicorp Vault
- Participate in the Security Engineering Team on-call rotation
- Ability to clearly and effectively communicate concerns and issues to the management and engineers.
- Experience with Cloud (AWS, Azure, GCP) Security
- Experience with various AWS security services and tooling: Cloudformation, VPC, IAM, SecurityHub, Cloudtrail, Cloudwatch, Lambda, etc.
- Experience using log analysis platforms such as Splunk, ELK, etc.
- Experience with one or more programming languages (Python, Go, PHP, Ruby)
- Experience with firewalls and networking equipment – hardening configurations
- Demonstrated experience with shell scripting is required.
- Demonstrated experience with terraform is required.
- Working experience with Kubernetes and Docker.
- Technical knowledge of systems in multi-tenant, cloud environment.
- Experience with Infrastructure as code (IaC) and IaC scanning
- Experience with vulnerability management and patching, infrastructure vulnerability scanning
- Demonstrated experience with WAF (Akamai, AWS WAF, etc.)
- DevOps experience managing deployment and configuration.
General skills include:
- Strong critical thinking and analytical skills
- Ability to approach problem solving in a constructive and collaborative way that does not require absolute security.
- The ability to communicate complicated technical issues and risks to programmers, network engineers and managers.
- Strong leadership, project, and team-building skills
- Exceptional communication skills with diverse audiences; the ability to be an infrastructure security subject matter expert who can explain relevant topics to general audiences.
Fanatics is building a leading global digital sports platform. We ignite the passions of global sports fans and maximize the presence and reach for our hundreds of sports partners globally by offering products and services across Fanatics Commerce, Fanatics Collectibles, and Fanatics Betting & Gaming, allowing sports fans to Buy, Collect, and Bet. Through the Fanatics platform, sports fans can buy licensed fan gear, jerseys, lifestyle and streetwear products, headwear, and hardgoods; collect physical and digital trading cards, sports memorabilia, and other digital assets; and bet as the company builds its Sportsbook and iGaming platform. Fanatics has an established database of over 100 million global sports fans; a global partner network with approximately 900 sports properties, including major national and international professional sports leagues, players associations, teams, colleges, college conferences and retail partners, 2,500 athletes and celebrities, and 200 exclusive athletes; and over 2,000 retail locations, including its Lids retail stores. Our more than 22,000 employees are committed to relentlessly enhancing the fan experience and delighting sports fans globally.
Fanatics Commerce is a leading designer, manufacturer, and seller of licensed fan gear, jerseys, lifestyle and streetwear products, headwear, and hardgoods. It operates a vertically-integrated platform of digital and physical capabilities for leading sports leagues, teams, colleges, and associations globally – as well as its flagship site, www.fanatics.com<http://www.fanatics.com/>.
Fanatics Commerce has a broad range of online, sports venue, and vertical apparel partnerships worldwide, including comprehensive partnerships with leading leagues, teams, colleges, and sports organizations across the world—including the NFL, NBA, MLB, NHL, MLS, Formula 1, and Australian Football League (AFL); the Dallas Cowboys, Golden State Warriors, Paris Saint-Germain, Manchester United, Chelsea FC, and Tokyo Giants; the University of Notre Dame, University of Alabama, and University of Texas; the International Olympic Committee (IOC), England Rugby, and the Union of European Football Associations (UEFA).
At Fanatics Commerce, we infuse our BOLD Leadership Principles in everything we do:
· Build Championship Teams
· Obsessed with Fans
· Limitless Entrepreneurial Spirit
· Determined and Relentless MindsetFanatics is searching for an experienced infrastructure security specialist to help protect Fanatics infrastructure. A successful candidate will display strong communication and technical skills and be comfortable and effective working independently and as part of a larger, highly distributed team.
Other Jobs from Fanatics
Elixir Staff Software Engineer
New York, NY
US
Elixir Software Engineer III, Card Innovation
Remote
New York, NY
Staff Engineer Data
Hyderabad, India
Remote Hybrid
Similar Jobs
Software Engineer (Java/Python + DevOps CI/CD)
Remote
India
GenAI Python Systems Engineer –Senior Manager
San Diego, CA
Los Angeles, CA
Principal Site Reliability Engineer
London, UK
Senior Software Engineer I
Remote
Senior Data Engineer (AS)
Remote
LATAM
There are more than 50,000 engineering jobs:
Subscribe to membership and unlock all jobs
Engineering Jobs
60,000+ jobs from 4,500+ well-funded companies
Updated Daily
New jobs are added every day as companies post them
Refined Search
Use filters like skill, location, etc to narrow results
Become a member
🥳🥳🥳 452 happy customers and counting...
Overall, over 80% of customers chose to renew their subscriptions after the initial sign-up.
To try it out
For active job seekers
For those who are passive looking
Cancel anytime
Frequently Asked Questions
- We prioritize job seekers as our customers, unlike bigger job sites, by charging a small fee to provide them with curated access to the best companies and up-to-date jobs. This focus allows us to deliver a more personalized and effective job search experience.
- We've got about 70,000 jobs from 5,000 vetted companies. No fake or sleazy jobs here!
- We aggregate jobs from 5,000+ companies' career pages, so you can be sure that you're getting the most up-to-date and relevant jobs.
- We're the only job board *for* software engineers, *by* software engineers… in case you needed a reminder! We add thousands of new jobs daily and offer powerful search filters just for you. 🛠️
- Every single hour! We add 2,000-3,000 new jobs daily, so you'll always have fresh opportunities. 🚀
- Typically, job searches take 3-6 months. EchoJobs helps you spend more time applying and less time hunting. 🎯
- Check daily! We're always updating with new jobs. Set up job alerts for even quicker access. 📅
What Fellow Engineers Say
