[Remote] Staff Security Engineer

Note: The job is a remote job and is open to candidates in USA. Fanatics is building a leading global digital sports platform. As a Staff Security Engineer on the Fanatics Ecosystems Security team, you will lead security reviews, deliver impactful tooling in close partnership with engineering teams, and operate application and edge security with efficiency and scale.

Responsibilities

• Develop, implement, and uphold secure architecture for product and enterprise environments. This encompasses on-premises, cloud, and containerless environments
• Conduct threat model reviews for new services and major architecture changes, producing prioritized, actionable findings that unblock rather than delay engineering
• Contribute production code to product features as an engineering partner
• Attend sprint planning and architecture reviews for the product squads you support, security input happens at design time
• Consistently contribute to and enhance security coding programs that support immutable and version-controlled environments through the utilization of infrastructure as code, detection as code, and other engineering-driven security initiatives
• Participate in an on-call rotation to provide 24/7 support for incident escalations

Skills

• 10+ years of experience in security engineering or a related field, including 5+ years of hands-on software engineering experience
• Demonstrated expertise in implementing AWS security services and adhering to best practices. (Cloudtrail, GuardDuty, Cloudwatch)
• Prior experience implementing and managing a zero-trust network access solution to support least privilege access provisioning
• Hands-on experience managing WAF platforms (Cloudflare, Akamai, Fastly, AWS WAF or equivalent) including custom rule development, not just enabling managed rulesets
• Demonstrated experience leveraging infrastructure as code with tools such as Terraform or Ansible
• Experience with identity management protocols (e.g., OAuth, SAML, OpenID Connect)
• Able to identify what a good release pipeline looks like (the stages, what they do, why they are there)
• Demonstrated ability to develop and comprehend code in one or more programming languages, including Python, Java, or Go
• Relevant certifications such as OSCP, SSCP, or GSEC

Benefits

• Short-term or long-term incentive compensation
• Full-time employment
• In-person components, such as onsite interviews or Launching into Better: LIVE—a multi-day cultural immersion in New York City for full-time, non-seasonal hires
• Ranges will change based on country and state of residence, which are reflected in Geographical Zones defined by Fanatics Betting and Gaming
• The range incorporates all of our Geographical Compensation Zones and is subject to change as the Zone associated with the actual offer is confirmed
• For information about our benefits, please visit https://benefitsatfanatics.com/

Company Overview

Company H1B Sponsorship