Fanatics is building a leading global digital sports platform. The company ignites the passions of global sports fans and maximizes the presence and reach for hundreds of sports partners globally by offering innovative products and services across Fanatics Commerce, Fanatics Collectibles, and Fanatics Betting & Gaming, allowing sports fans to Buy, Collect and Bet. Through the Fanatics platform, sports fans can buy licensed fan gear, jerseys, lifestyle and streetwear products, headwear, and hardgoods; collect physical and digital trading cards, sports memorabilia, and other digital assets; and bet as the company builds its Sportsbook and iGaming platform. Fanatics has an established database of over 100 million global sports fans, a global partner network with over 900 sports properties, including major national and international professional sports leagues, teams, players associations, athletes, celebrities, colleges, and college conferences, and over 2,000 retail locations, including its Lids retail business stores.
As a market leader with more than 18,000 employees, and hundreds of partners, suppliers, and vendors worldwide, we take responsibility for driving toward more ethical and sustainable practices. We are committed to building an inclusive Fanatics community, reflecting and representing society at every level of the business, including our employees, vendors, partners and fans. Fanatics is also dedicated to making a positive impact in the communities where we all live, work, and play through strategic philanthropic initiatives.
Fanatics is searching for an experienced application security specialist to help protect Fanatics-developed applications which are used externally and internally. A successful candidate will display strong communication and technical skills and be comfortable and effective working independently and as part of a larger, highly distributed team.
We're looking specifically for folks who place an emphasis on usable security and scaling successfully through automation. Fanatics is a fast-growing company, and our security program needs to be able to keep pace with that growth while not disrupting innovation.
Responsible for continually improving product security by partnering with developers in all phases of software development life cycle. Work with teams to ensure security standards are maintained on the design and implementation of applications and systems in cloud and on-premises environments.
EXPERIENCE REQUIRED:
· A minimum of 3 years of experience.
RESPONSIBILITIES:
· Establish security best processes and practices for our mobile, on-premises and cloud-based platforms.
· Provide expert knowledge and guidance to the product teams about security vulnerabilities and remediation controls.
· Support and consult with product and development teams in the area of application security, including threat modeling and Application Security reviews.
· Implement, continuously develop, and maintain secure Software Security Development Lifecycle processes and software maturity model.
· Perform threat modeling, secure design, and source code review.
· Conduct security assessments, security testing and validation of vulnerability scan results.
· Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
· Incorporate security tools/tasks to automate product development and deployment.
· Develop, implement, and automate defensive controls, creating and tuning tools and rules to detect and address malicious activity. Responsible for integration of security controls into SDLC.
· Establish supply chain security process and ensure 3rd party software meet the standards.
Facilitate injection, integration, and compliance for Static Application Security Testing (SAST), Container Security Scanning & Open-Source Security Analysis during development phase.
Facilitate injection, integration, and compliance for Dynamic Application Security Testing (DAST)
Contribute to triaging, addressing security issues and tracking remediation.
Own and manage Secure SDLC tooling.
Develop and customize security tools used by security teams and developers.
Work closely with development teams to build security directly into their SDLCs.
Provide remediation guidance to programmers and management.
Support bug bounty program
Support the preparation of security releases
· Mentor and train development teams on secure coding standards and techniques. Develop Secure Coding Program.
· Constantly innovate at the pace of the adversary using latest techniques.
EDUCATIONAL REQUIREMENTS:
· Bachelor’s degree in computer science, Information Systems, or equivalent combination of education and experience
· Certifications in the field of Information Security (at least one of the following: CISSP, CEH, GIAC CPEN, OSCP, OSWE, CWAPT, GWAPT, GWEB)