Sr. Application Security Engineer, Sports
Denver, CO - United States
Senior Specialist / Project Manager
Private Broadcasting Channels
Responsibilities: The successful candidate will join NBCUniversal and Sports at an exciting time where we are transforming from an operational, tool-based cyber defense program into an intelligence and threat-based organization. The successful candidate will work very closely with our Sports software engineering teams as well as other Sports teams to shape the future of cyber defense at NBCUniversal.
Operations & Technology
The Senior Cyber Security Application Engineer will function as a technical and engineering subject matter expert for various Cyber Security technology areas. They will partner with Sports software engineering teams such as SportsEngine, GolfNow and others to provide expert security design and deployment guidance to secure new solutions and services while providing practical and scalable security improvements to sustain a large portfolio of existing applications and services.
- Provides both hands-on and high-level guidance for defensive coding patterns & practices based on mitigation of OWASP Top 10, SANS 25 software design flaws
- Interprets static and dynamic analysis for both internal and external web applications and develops pattern-based solutions and guidance for development teams
- Enjoys working with software engineers to help them design application security controls across a range of technologies to include but not limited to .NET, C#, Java, Android, PHP, and containerized micro-services applications
- Implements and models security practices for enterprise & cloud environments using an intelligence and threat-driven defense model.
- Produce threat models and attack trees as part of security engagements
- Collaborates closely with NBCUniversal Sports Information Security Officer and team to deliver solutions for the Sports business, consistent with the enterprise Information Security strategy.
- Automates first, and develops manual processes second
- 20% travel required to Development Engineering team’s facilities
• Five plus years of experience in a defensive cyber security engineering role following a secure development lifecycle
• Hands-on development experience with cloud-scale applications and services
• Defensive coding and flaw mitigation with an emphasis on C#, .NET, Java, Node.js, Python, Android, and PHP (other languages OK)
• Expert knowledge and experience with evaluating and recognizing common flaw design patterns and offering remediation methodologies/design for common vulnerabilities in the OWASP Top 10 and SANS Top 25
• Experienced using Static, Dynamic, Software Component, Run time Analysis tools
• 3+ years of experience with modern scalable DevSecOps processes and developing automation of SDLC, e.g., CI/CD with Jenkins
• Experience designing and securing web applications deployed to Amazon Web Services (AWS)
• Working knowledge of any of the following frameworks: PCI DSS, NIST 800-53/800-88, CRM, ISO 270001
• Experience developing threat models
• Subject Matter Expertise in one or more of the following areas:
  o Basic software design and architecture
  o Windows/Linux operating systems
  o Network devices and protocols, construction of data flow diagrams
  o Inter-process communication, data flow diagrams, entity relationship diagrams
  o Static, Dynamic, Software Component, Run time Analysis tools
• Intellectual capability and curiosity to learn complex processes. Strategic thinking and decision-making
• Ability to balance multiple demands in a fast-paced growing environment
• A dedicated and self-driven desire to think creatively and produce results
• Ability to coordinate, work with and gain the trust of business stakeholders, technical resources, and third-party vendors
• BA/BS in Computer Science, Mathematics, or related field preferred
Desired Characteristics:
• A love for sports and sporting events
• A career passion for designing secure web and mobile applications
• Be flexible, and have a creative approach to business, with a demonstrated track record of aligning technical objectives and programs to enterprise objectives and strategies
• Be highly collaborative; personally and professionally self-aware; able to and interested in interacting with employees at all levels; embody integrity; and represent and inspire the highest ethical standard
• Strong sense of urgency and commitment, as well as sound business sense with a strategic, conceptual and operational orientation
• Careful listener with the confidence to make crisp and tough decisions about difficult issues; natural propensity to make others feel that their viewpoints and perspectives are adequately considered
• Disciplined engineers and software developers interested in cyber defense and secure system development life cycles are strongly preferred.
Career Level: Experienced
Country: United States
About Us: At NBCUniversal, we believe in the talent of our people. It’s our passion and commitment to excellence that drives NBCU’s vast portfolio of brands to succeed. From broadcast and cable networks, news and sports platforms, to film, world-renowned theme parks and a diverse suite of digital properties, we take pride in all that we do and all that we represent. It’s what makes us uniquely NBCU. Here you can create the extraordinary. Join us.
Notices: NBCUniversal’s policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law. NBCUniversal will consider for employment qualified applicants with criminal histories in a manner consistent with relevant legal requirements, including the City of Los Angeles Fair Chance Initiative For Hiring Ordinance, where applicable.