Staff Security Analyst - #8365

Company Overview Fanatics is the global leader in licensed sports merchandise and changing the way fans purchase their favorite team apparel and jerseys. Through an innovative, tech-infused approach to making and selling fan gear in today's on-demand culture, Fanatics operates more than 300 online and offline stores, including the e-commerce business for all major professional sports leagues (NFL, MLB, NBA, NHL, NASCAR, MLS, PGA), and more than 200 collegiate and professional team properties, which include several of the biggest global soccer clubs (Manchester United, Real Madrid, Chelsea). Fanatics offers the largest collection of timeless and timely merchandise whether shopping online, on your phone, in stores, in stadiums or on-site at the world's biggest sporting events.  At Fanatics, we’re a diverse, passionate group of employees aiming to ignite pride and passion in the fans we outfit, celebrate and support.  We recognize that diversity helps drive and foster innovation, and through our IDEA program (inclusion, diversity, equality and advocacy) at Fanatics we provide employees with tools and resources to feel connected and engaged in who they are and what they do to support the ultimate fan experience.    About the Team Fanatics is first and foremost a technology company. We are powered by cutting-edge tech created by our small agile teams using the latest tools and technologies under our highly analytical, forward thinking, and open-minded leadership. As the global leader in licensed sports merchandise, we challenge ourselves by improving our new fully responsive NodeJS cloud commerce platform, Elasticsearch engine, and deep data science capabilities while building the best-in-class retail manufacturing and supply chain technologies. Our tech teams work together to revolutionize data science and engineering initiatives, provide highly scalable real-time and streaming platforms, and create secure e-commerce and in-stadium fan experience products. Our own e-commerce platform transacts in over 190 countries, 17 languages, and 14 currencies. Our motto is “#GSD”—get stuff done—and we do just that. If you want to be at the nexus of sports, commerce, and technology, come be a part of our industry-leading team here at Fanatics Tech.
Fanatics is searching for an experienced Staff Security Analyst to join our Security Operations team. The ideal candidate will have 5 or more years of work experience specifically in the field of Information Security.
Information Security team members are given a great deal of autonomy in the pursuit of keeping Fanatics secure and a successful candidate will demonstrate a good work ethic, superior communication skills, and is expected to be comfortable and effective working independently and as part of a larger, highly-distributed team.
We're looking specifically for folks who place an emphasis on usable security. Fanatics is a fast-growing company and our security program needs to be able to keep pace with that growth while not disrupting innovation.

Responsibilities:

• Serve as a lead for a team of SOC Analysts.
• Conduct threat hunting activities and monitor external information sources to identify potential threats to Fanatics.
• Lead tabletop and red team / blue team exercises to regularly test our incident response capabilities.
• Recommend how to optimize security monitoring tools based on assessments of available threat intelligence data and incident trends.
• Mentor and train other members of the Security Operations team.
• Serve as an escalation point in incident response scenarios; acting as the incident commander and conducting detailed analysis and forensic investigations as needed.
• Monitor and analyze alerts, network traffic, and system logs for unusual behavior, attributing suspicious activity to specific threats and implementing measures to mitigate risk.
• Help design, deploy, and operate internal Fanatics security systems.
• Participate in a 24/7 on-call rotation, helping triage and respond to security incidents as they arise and providing tier 3 support for internal end users.
• Coordinate with other teams in IT to implement standards for endpoint security, vulnerability management, and system hardening.
• Contribute to SOC documentation (processes, hardening standards, playbooks, and after action reports) working closely with the SOC Manager to continuously improve day to day operations.
• Lead efforts to automate day to day operations and creation of artifacts for compliance audits.

Experience and Skills:

• High level of commitment, energy and creativity with the ability to work in a fast paced, rapidly changing environment.
• Excellent oral and written communication skills, including the ability to interact effectively with executives, engineers, vendors and peers.
• Strong analytical skills, including structured problem solving and instinctive thinking.
• Hands on experience working within a formal incident response process and conducting forensic investigations.
• Highly adept at managing IT security projects that are cross-functional in nature.
• Expert level proficiency with scripting and query languages (Python, Powershell, SQL, etc.) with a passion for automation.
• Strong networking skills; OSI model, TCP/IP, HTTPS, network intrusion detection and prevention.
• Experience working with enterprise level access management, SIEM, IDS/IPS, end-point protection, and multi-factor authentication systems.
• Must be comfortable working with and troubleshooting in a heterogeneous operating environment, including hands-on administrative experience with Windows, Macintosh, and Linux and a strong working knowledge of Active Directory and O365.
• Experience working in a hybrid environment that includes on-premise and cloud based systems.

Required Qualifications

• 5 or more years of relevant work experience specifically in the field of Information Security.
• One or more of the following certifications preferred: CISSP, SSCP, GCIH, ECIH, GCFA, CCFP
• College Degree in related field (Information Security, Information Systems, Computer Science/Computer Engineering) or equivalent work experience.

Tryouts are open at Fanatics! Our team is passionate, talented, unified, and charged with creating the fan experience of tomorrow. The ball is in your court now. Ensure your Fanatics job offer is legitimate and don’t fall victim to fraud.  Fanatics never seeks payment from job applicants.  Fanatics recruiters will only reach out to applicants from an @fanatics.com or @fanatics.co.uk email address.  For added security, where possible, apply through our company website at www.fanaticsinc.com/careers  Fanatics is committed to responsible planning and purchasing (RPP) practices, working with its business partners across its global and multi-layered supply chain, to ensure that planning, sourcing, and purchasing decisions, along with other supporting processes, do not impede or conflict with the fulfillment of Fanatics’ fair labor practices.
NOTICE TO CALIFORNIA RESIDENTS/APPLICANTS: In connection with your application, we collect information that identifies, reasonably relates to or describes you (“Personal Information”). The categories of Personal Information that we collect include your name, government issued identification number(s), email address, mailing address, other contact information, emergency contact information, employment history, educational history, criminal record, and demographic information.  We collect and use those categories of Personal Information about you for human resources and other business management purposes, including identifying and evaluating you as a candidate for potential or future employment or future contract positions, recordkeeping in relation to recruiting and hiring, conducting criminal background checks as permitted by law, conducting analytics, and ensuring compliance with applicable legal requirements and Company policies.