Location: Remote - USA
Employment Type: Salaried
Team: Fanatics Betting & Gaming
Fanatics is building a leading global digital sports platform to ignite and harness the passions of fans and maximize the presence and reach for hundreds of partners globally. Optimizing these long-standing partnerships, a database of more than 80 million global consumers and a trusted, recognizable brand name, Fanatics is expanding beyond its position as a global leader for licensed sports merchandise to now becoming a next-gen digital sports platform, featuring an array of offerings for fans across the sports ecosystem.
The Fanatics family of companies currently includes Fanatics Commerce, a vertically-integrated licensed merchandise business that has changed the way fans purchase their favorite team apparel, jerseys, headwear and hardgoods through a tech-infused approach to making and quickly distributing fan gear in today’s 24/7 mobile-first economy; Candy Digital, a digital collectibles company that is partnering with prominent sports properties, including MLB and MLBPA, to build an official NFT ecosystem; Fanatics Collectibles, through Topps as a cornerstone of the business, building a new model for the collectibles and trading cards hobby with top leagues and players association partners; and Fanatics Betting & Gaming, a mobile betting, gaming and retail sportsbook platform. Fanatics’ partners include all major professional sports leagues (NFL, MLB, NBA, NHL, NASCAR, MLS, PGA) and hundreds of collegiate and professional teams, which include several of the biggest global soccer clubs.
As a market leader with more than 9,000 employees, and hundreds of partners, suppliers, and vendors worldwide, we take responsibility for driving toward more ethical and sustainable practices. We are committed to building an inclusive Fanatics community, reflecting and representing society at every level of the business, including our employees, vendors, partners and fans. Fanatics is also dedicated to making a positive impact in the communities where we all live, work, and play through strategic philanthropic initiatives.
At Fanatics, we’re a diverse, passionate group of employees aiming to ignite pride and passion in the fans we outfit, celebrate and support. We recognize that diversity helps drive and foster innovation, and through our IDEA program (inclusion, diversity, equality and advocacy) at Fanatics we provide employees with tools and resources to feel connected and engaged in who they are and what they do to support the ultimate fan experience.
We are seeking a Staff Application Security engineer to help build out our application security practices. This role reports to the Head of Information Security and is responsible for defining, implementing, training and executing against our engineer strategy, creating process, and building tools within Fanatics Betting and Gaming.
Duties and responsibilities may include:
Overhaul and administrate our platform and work with developers to resolve valid findings and reduce false positives.
Triage and validate security vulnerabilities found or reported, and serve as a Subject Matter Expert in AppSec to the engineering team in identifying mitigation solutions
Perform SAST/DAST and penetration testing on web applications, web services, native and mobile applications using security tools such as Checkmarx, WebInspect, AFL, Burp Suite, etc.
Act as a subject matter expert on application security domains.
Validate new security features and updates into existing products and ensure the security of products is maintained throughout the product life cycle
Communicate issues to the application owners, provide meaningful remediation recommendations, and validate that they have been resolved
Improve upon and further integrate the Secure Development Lifecycle (SDLC) into product design and engineering efforts.
Assist with code reviews to proactively identify potential vulnerabilities, and follow-up with tooling to prevent future vulnerabilities.
Help launch our bug bounty program and work directly with participants and various stakeholders to ensure findings are resolved in a timely manner.
Conduct Threat Modeling and Risk Assessment exercises for various services across our platform.
What skills are important to us:
5 years of related experience with a Bachelor's degree (in Computer Science, Information Security, Computer Engineering or related field); OR 3 years of experience with a Master's degree
Strong technical skills, both functional and non-functional, in a continuous delivery environment.
Experience in application security testing and releasing SaaS software in public clouds - AWS
Experience in application security testing and releasing software for Web, Mobile, API, or on hardware appliances
Experience in application security testing with automation in public clouds
Experience in automating vulnerability discovery and repetitive tasks
Knowledge of the Security Development Lifecycle (SDLC)
Experience with one or more security tools such as Kali Linux, Burp, Metasploit, Qualys, Checkmarx, WebInspect, Peach Fuzzer, libFuzzer, AFL, etc.
Deep technical understanding of the OWASP Top 10
Experience in threat identification using threat modeling techniques
Ensure your Fanatics job offer is legitimate and don’t fall victim to fraud. Fanatics never seeks payment from job applicants. Fanatics recruiters will only reach out to applicants from an @fanatics.com or @fanatics.co.uk email address. For added security, where possible, apply through our company website at www.fanaticsinc.com/careers
Tryouts are open at Fanatics! Our team is passionate, talented, unified, and charged with creating the fan experience of tomorrow. The ball is in your court now.
Fanatics is committed to responsible planning and purchasing (RPP) practices, working with its business partners across its global and multi-layered supply chain, to ensure that planning, sourcing, and purchasing decisions, along with other supporting processes, do not impede or conflict with the fulfillment of Fanatics’ fair labor practices.
NOTICE TO CALIFORNIA RESIDENTS/APPLICANTS: In connection with your application, we collect information that identifies, reasonably relates to or describes you (“Personal Information”). The categories of Personal Information that we collect include your name, government issued identification number(s), email address, mailing address, other contact information, emergency contact information, employment history, educational history, criminal record, and demographic information. We collect and use those categories of Personal Information about you for human resources and other business management purposes, including identifying and evaluating you as a candidate for potential or future employment or other types of positions, recordkeeping in relation to recruiting and hiring, conducting criminal background checks as permitted by law, conducting analytics, and ensuring compliance with applicable legal requirements and Company policies.