Staff Infrastructure Security Engineer

POSITION DESCRIPTION:

Fanatics is searching for an experienced infrastructure security specialist to help protect Fanatics infrastructure. A successful candidate will display strong communication and technical skills and be comfortable and effective working independently and as part of a larger, highly distributed team.

We're looking specifically for folks who place an emphasis on usable security and scaling successfully through automation. Fanatics is a fast-growing company, and our security program needs to be able to keep pace with that growth while not disrupting innovation.

Responsible for continually improving product security by partnering with infrastructure in all phases of the development and deployment process. Work with various Infrastructure teams to identify and mitigate security issues, vulnerabilities, and misconfigurations by applying their in-depth knowledge of operating systems, infrastructure, and cloud providers. Work very closely with the Security Operations Team and share their findings in a proactive manner. Work with teams to ensure security standards are maintained on the design and implementation of platforms and systems in cloud and on-premises environments.

RESPONSIBILITIES:

• Establish security best processes and practices for our mobile, on-premises and cloud-based platforms.
• Support infrastructure teams from the perspective of security engineering by injecting appropriate security controls.
• Establish and maintain Infrastructure as code scanning engine.
• Establish and maintain infrastructure vulnerability management engine.
• Build tooling to ensure Security Engineering can deliver often and with confidence.
• Defining security controls for all aspects of our on-premise and cloud infrastructure.
• Managing cryptography and encryption controls.
• Coordinate security implementation work with Infrastructure teams and other members of Security Department.
• Managing Web Application Firewall (building new rules, maintaining existing, monitoring and adjusting according to the signals).
• Working with analysts, engineers, and data scientists across the organization to continually improve cyber resilience.
• Managing KMS, Secrets, certificate management platforms.
• Support the regulatory compliance initiatives, processes and documentation for ISO 27001, PCI, SOC2, etc.
• Assist with incident response practices including incident management, coordination, analysis and investigation of potential security events.
• Design and implement safeguards by working with others to progress cloud security posture in the form of software, hardware, or operating procedures.
• Monitor environments with performing setup of tools, logging and monitoring, and threat detection to determine if any attacks on cloud systems working with the SOC.
• Constantly innovate at the pace of the adversary using latest techniques.

EDUCATIONAL REQUIREMENTS:

• Bachelor's degree in computer science, Information Systems, or equivalent combination of education and experience.
• Certifications in the field of Information Security (at least one of the following: AWS Solutions Architect, AWS Security Specialty, CISSP, CEH, GIAC).

EXPERIENCE REQUIRED:

• 10+ years of experience in related IT Security environment.

GENERAL KNOWLEDGE, SKILLS & ABILITIES:

• Serve as a mentor to other Infrastructure Security team members, providing guidance and support.
• Drive the most difficult and complex infrastructure security reviews and threat modeling.
• Develop, evangelize and monitor the adoptions of sound security practices.
• Champion recruiting activities.
• Have significant ownership in and evangelize security training with infrastructure teams.
• Subject Matter Expert (SME) in at least 1 technical areas impacting the security of the infrastructure.
• Author technical security documents.
• Author questions/processes for hiring and screening candidates.
• In-depth knowledge of infrastructure security vulnerabilities, attack vectors and mitigation techniques.
• Demonstrated experience in cloud security, systems security, site-reliability engineering.
• Demonstrated experience with Linux/Windows/Mac Operating Systems and common OS hardening practices.
• Demonstrated experience with running systems at scale.
• Proficiency in succinctly document technical details.
• Demonstrated ability and experience to identify and mitigate security issues, misconfigurations and vulnerabilities related to cloud, container and Kubernetes infrastructure.
• Ability to implement new and update existing security measures for the protection of the Fanatics infrastructure.
• Demonstrated experience to utilize log ingestion platforms for security analytics and identification of tactics, techniques and patterns of attackers.
• Demonstrated experience to contribute to the creation of the runbooks.
• Demonstrated experience to the production and tuning of detection rules.
• Demonstrated experience managing KMS, Secrets management, Certificate Management platforms: Akeyless, Hashicorp Vault.
• Participate in the Security Engineering Team on-call rotation.
• Ability to clearly and effectively communicate concerns and issues to the management and engineers.
• Experience with Cloud (AWS, Azure, GCP) Security.
• Experience with various AWS security services and tooling: Cloudformation, VPC, IAM, SecurityHub, Cloudtrail, Cloudwatch, Lambda, etc.
• Experience using log analysis platforms such as Splunk, ELK, etc.
• Experience with one or more programming languages (Python, Go, PHP, Ruby).
• Experience with firewalls and networking equipment – hardening configurations.
• Demonstrated experience with shell scripting is required.
• Demonstrated experience with terraform is required.
• Working experience with Kubernetes and Docker.
• Technical knowledge of systems in multi-tenant, cloud environment.
• Experience with Infrastructure as code (IaC) and IaC scanning.
• Experience with vulnerability management and patching, infrastructure vulnerability scanning.
• Demonstrated experience with WAF (Akamai, AWS WAF, etc.).
• DevOps experience managing deployment and configuration.

General skills include:

• Strong critical thinking and analytical skills.
• Ability to approach problem solving in a constructive and collaborative way that does not require absolute security.
• The ability to communicate complicated technical issues and risks to programmers, network engineers and managers.
• Strong leadership, project, and team-building skills.
• Exceptional communication skills with diverse audiences; the ability to be an infrastructure security subject matter expert who can explain relevant topics to general audiences.

Fanatics is building a leading global digital sports platform. We ignite the passions of global sports fans and maximize the presence and reach for our hundreds of sports partners globally by offering products and services across Fanatics Commerce, Fanatics Collectibles, and Fanatics Betting & Gaming, allowing sports fans to Buy, Collect, and Bet. Through the Fanatics platform, sports fans can buy licensed fan gear, jerseys, lifestyle and streetwear products, headwear, and hardgoods; collect physical and digital trading cards, sports memorabilia, and other digital assets; and bet as the company builds its Sportsbook and iGaming platform. Fanatics has an established database of over 100 million global sports fans; a global partner network with approximately 900 sports properties, including major national and international professional sports leagues, players associations, teams, colleges, college conferences and retail partners, 2,500 athletes and celebrities, and 200 exclusive athletes; and over 2,000 retail locations, including its Lids retail stores. Our more than 22,000 employees are committed to relentlessly enhancing the fan experience and delighting sports fans globally.