Company OverviewFanatics isbuilding a leadingglobal digital sports platform. The company ignites the passions of global sports fans and maximizes the presence and reach for hundreds of sports partners globally by offering innovative products and services across Fanatics Commerce, FanaticsCollectibles, and Fanatics Betting amp; Gaming, allowing sports fans to Buy, Collect and Bet.Through the Fanatics platform, sports fans can buy licensed fan gear, jerseys, lifestyle and streetwear products, headwear, and hardgoods; collect physical and digital trading cards, sports memorabilia, and other digital assets; and bet as the company builds its Sportsbook and iGaming platform.Fanaticshas an established database of over100 millionglobal sports fans, a global partner network with over 900 sports properties, including major national and international professional sports leagues, teams, players associations, athletes,celebrities, colleges, and college conferences, and over 2,000 retail locations, including its Lids retail business stores.As a market leader with more than 18,000 employees, and hundreds of partners, suppliers, and vendors worldwide, we take responsibility for driving toward more ethical and sustainable practices. We are committed to building an inclusive Fanatics community, reflecting and representing society at every level of the business, including our employees, vendors, partners and fans. Fanatics is also dedicated to making a positive impact in the communities where we all live, work, and play through strategic philanthropic initiatives.
The Application Security Engineer III role reports to the Sr. Application Security Architect and is responsible for the continuous security management of the Collectibles application environment. They will be responsible for identifying, tracking, and remediating threats towards the customer facing eCommerce, mobile, and next-gen platforms. The Application Security Engineer will partner with the Business, Development, and DevOps teams to ensure security is embedded through all phases of the software development lifecycle and platforms to meet corporate minimum standards.Duties may include:- Staying up to date with current security threats within the company region and vertical with a special focus on threats to eCommerce ecosystems.
- Continuous protection of customer facing corporate platforms.
- Automating security in a CI/CD pipeline.
- Securing and hardening cloud infrastructure.
- Participate in development and feature planning discussions for new products and features.
- Assist with Threat Modeling for existing and new applications and platforms.
- Assist with Web Application and Mobile Application penetration tests.
- Provide security requirements and guidance to development teams for mobile application and web-based products.
- Firewall, WAF, and DDoS protection management.
- Maintaining security tooling
- Triaging and assisting development teams with vulnerability remediation.
- Producing meaningful KPI’s and executive level reporting.
Qualifications:- 3+ years’ experience in developing SDLC’s and secure coding guidelines.
- 2+ years’ experience with SAST and DAST to include mobile applications.
- 2+ years’ experience testing mobile applications for security weaknesses.
- Knowledge of major cloud platforms such as AWS, Azure, and GCP.
- Experience with securing contains such as Docker and Kubernetes.
- Experience with Threat Modeling methodologies such as STRIDE
- Scripting experience strongly preferred.
- Excellent verbal and written communication skills.
- Preferred Certifications: AWS Security Specialty, CCSP, CSSLP, OSCP, OSWE, GPEN, GWAPT, GCPN
The salary range for this position is $152,000- $190,000 which represents base pay only and does not include short-term or long-term incentive compensation. When determining base pay, as part of a final compensation package, we consider several factors such as location, experience, qualifications, and training.Ensure your Fanatics job offer is legitimate and don’t fall victim to fraud. Fanatics never seeks payment from job applicants.Feel free to ask your recruiter for a phone call or other type of communication for interview, and ensure your communication is coming from a Fanatics or Fanatics Brand email address. For added security, where possible, apply through our company website at www.fanaticsinc.com/careers
Tryouts are open at Fanatics! Our team is passionate, talented, unified, and charged with creating the fan experience of tomorrow. The ball is in your court now.
Fanatics is committed to responsible planning and purchasing (RPP) practices, working with its business partners across its global and multi-layered supply chain, to ensure that planning, sourcing, and purchas