Senior Staff Application Security Engineer
Remote - New York
Fanatics Inc
Fanatics offers the broadest assortment of fan merchandise and memorabilia worldwide.

The Role:

We are seeking a Senior Staff Application Security Engineer to help build out our application security practices. This role reports to Head of Information Security and is responsible for defining, implementing, training and executing against our engineer strategy, creating process, and building tools within Fanatics Betting and Gaming.
Duties and responsibilities may include:
Overhaul and administrate our platform and work with developers to resolve valid findings and reduce false positives.
Triage and validate security vulnerabilities found or reported, and serve as a Subject Matter Expert in AppSec to the engineering team in identifying mitigation solutions
Perform SAST/DAST and penetration testing on web applications, web services, native and mobile applications using security tools such as Checkmarx, WebInspect, AFL, Burp Suite, etc.
Act as a subject matter expert on application security domains.
Validate new security features and updates into existing products and ensure the security of products is maintained throughout the product life cycle
Communicate issues to the application owners, provide meaningful remediation recommendations, and validate that they have been resolved
Improve upon and further integrate the Secure Development Lifecycle (SDLC) into product design and engineering efforts.
Assist with code reviews to proactively identify potential vulnerabilities, and follow-up with tooling to prevent future vulnerabilities.
Help launch our bug bounty program and work directly with participants and various stakeholders to ensure findings are resolved in a timely manner.
Conduct Threat Modeling and Risk Assessment exercises for various services across our platform.
Must be open to occasional travel to events and Bet Fanatics offices for various offsite and team meetings.
What skills are important to us:
5 years of related experience with a Bachelor's degree (in Computer Science, Information Security, Computer Engineering or related field); OR
3 years of experience with a Master's degree
Strong technical skills, both functional and non-functional, in a continuous delivery environment.
Experience in application security testing and releasing SaaS software in public clouds - AWS
Experience in application security testing and releasing software for Web, Mobile, API, or on hardware appliances
Experience in application security testing with automation in public clouds
Experience in automating vulnerability discovery and repetitive tasks
Knowledge of the Security Development Lifecycle (SDLC)
Strong development experience in one or more of the programming languages and platforms such as NodeJS + React + Redis + Elasticsearch + JavaScript and Python, iOS, Android, Windows, Mac, is required
Experience with one or more of security tools such as Kali Linux, Burp, Metasploit, Qualys, Checkmarx, WebInspect, Peach Fuzzer, libFuzzer, AFL, etc.
Deep technical understanding of the OWASP Top 10
Experience in threat identification using threat modeling techniques

Ensure your Fanatics job offer is legitimate and don’t fall victim to fraud. Fanatics never seeks payment from job applicants. Feel free to ask your recruiter for a phone call or other type of communication for interview, and ensure your communication is coming from a Fanatics or Fanatics Brand email address (this includes @betfanatics.com). For added security, where possible, apply through our company website at www.fanaticsinc.com/careers
Tryouts are open at Fanatics! Our team is passionate, talented, unified, and charged with creating the fan experience of tomorrow. The ball is in your court now.
Fanatics is committed to responsible planning and purchasing (RPP) practices, working with its business partners across its global and multi-layered supply chain, to ensure that planning, sourcing, and purchasing decisions, along with other supporting processes, do not impede or conflict with the fulfillment of Fanatics’ fair labor practices.
NOTICE TO CALIFORNIA RESIDENTS/APPLICANTS: In connection with your application, we collect information that identifies, reasonably relates to or describes you (“Personal Information”). The categories of Personal Information that we collect include your name, government issued identification number(s), email address, mailing address, other contact information, emergency contact information, employment history, educational history, criminal record, and demographic information. We collect and use those categories of Personal Information about you for human resources and other business management purposes, including identifying and evaluating you as a candidate for potential or future employment or other types of positions, recordkeeping in relation to recruiting and hiring, conducting criminal background checks as permitted by law, conducting analytics, and ensuring compliance with applicable legal requirements and Company policies.
Tags: Analytics Android APIs Application security Automation AWS Burp Suite Checkmarx Compliance Computer Science DAST Elasticsearch iOS JavaScript Kali Linux Metasploit Node.js OWASP Pentesting Python Qualys Redis Risk assessment SaaS SAST SDLC Strategy Vulnerabilities
Perks/benefits: Career development Team events