Security Engineer III

Fanatics Betting & Gaming•New York, NY

1d•$147,250 - $193,750•Remote

About The Position

Fanatics is building a leading global digital sports platform. We ignite the passions of global sports fans and maximize the presence and reach for our hundreds of sports partners globally by offering products and services across Fanatics Commerce, Fanatics Collectibles, and Fanatics Betting & Gaming, allowing sports fans to Buy, Collect, and Bet. Through the Fanatics platform, sports fans can buy licensed fan gear, jerseys, lifestyle and streetwear products, headwear, and hardgoods; collect physical and digital trading cards, sports memorabilia, and other digital assets; and bet as the company builds its Sportsbook and iGaming platform. Fanatics has an established database of over 100 million global sports fans; a global partner network with approximately 900 sports properties, including major national and international professional sports leagues, players associations, teams, colleges, college conferences and retail partners, 2,500 athletes and celebrities, and 200 exclusive athletes; and over 2,000 retail locations, including its Lids retail stores. Our more than 22,000 employees are committed to relentlessly enhancing the fan experience and delighting sports fans globally. Launched in 2021, Fanatics Betting and Gaming is the online and retail sports betting subsidiary of Fanatics, a global digital sports platform. The Fanatics Sportsbook is available to 95% of the addressable online sports bettor market in the U.S. Fanatics Casino is currently available online in Michigan, New Jersey, Pennsylvania and West Virginia. Fanatics Betting and Gaming operates twenty-two retail sports betting locations, including the only Sportsbook inside an NFL stadium at Northwest Stadium. Fanatics Betting and Gaming is headquartered in New York with offices in Denver, Leeds and Dublin. This role is remote. As a Security Engineer III at Fanatics Betting & Gaming (FBG), your knowledge and experience in designing, implementing and maintaining security measures will help the organization stay ahead of security risks and protect company assets. This role sits within the Information Security department and reports to the Manager, Security Engineering.

Requirements

Minimum of 5 years of experience as a security engineer or in a similar role
Proficient in incident response, threat hunting and cloud security, with a focus on AWS.
Proficient in purple team operations with expertise in offensive and defensive strategy.
Experience with identity management protocols (e.g., OAuth, SAML, OpenID Connect).
Experience automating incident response playbooks leveraging SOAR solutions.
Ability to communicate effectively with technical and non-technical stakeholders
Proven experience drafting documentation such as standards, policies and architecture diagrams.
Ability to collaborate and work in a team environment
Foundational knowledge in agile methodologies with ability to successfully collaborate with multiple stakeholders.
Experience with scripting languages such as Python or Bash is required

Nice To Haves

Experience with Cloudflare Datadog, Wiz and Tines is preferred.
Demonstrated experience leveraging Infrastructure as code tools such as Terraform or Ansible is a plus.
Relevant certifications such as OSCP, SSCP, or GSEC are a plus

Responsibilities

Continuous evaluation of several security tools including but not limited to Data Loss Prevention, Vulnerability Management, Identity and Access Management, Web Application Firewall, Email Protection and Endpoint Protection.
Evaluate and implement a Security, Orchestration, Automation and Response software.
Develop and maintain a library of scripts to be leveraged to automate threat hunting, detection, and digital forensics efforts.
Design, implement and refine security detection mechanisms to improve operational efficiency and observability.
Effectively maintain a cloud based SIEM by ensuring relevant logs are ingested and alerts are tuned.
Tasked with leveraging expertise in the area of incident response, this role may also function as the lead incident responder.
Stay up-to-date on the latest threats, vulnerabilities, and security trends to ensure that our organization is prepared to address emerging threats.
Conduct security awareness training by conducting internal phishing campaigns.
Collaborate with internal teams to ensure that secure implementation guidelines are followed.
Participate in an on-call rotation to provide 24/7 support for critical incident escalations.