Company Overview

Fanatics is the global leader in licensed sports merchandise and changing the way fans purchase their favorite team apparel and jerseys. Through an innovative, tech-infused approach to making and selling fan gear in today's on-demand culture, Fanatics operates more than 300 online and offline stores, including the e-commerce business for all major professional sports leagues (NFL, MLB, NBA, NHL, NASCAR, MLS, PGA), major media brands (NBC Sports, CBS Sports, FOX Sports) and more than 200 collegiate and professional team properties, which include several of the biggest global soccer clubs (Manchester United, Real Madrid, Chelsea, Manchester City). Fanatics offers the largest collection of timeless and timely merchandise whether shopping online, on your phone, in stores, in stadiums or on-site at the world's biggest sporting events.

About the Team

Fanatics is first and foremost a technology company. We are powered by cutting-edge tech created by our small agile teams using the latest tools and technologies under our highly analytical, forward thinking, and open-minded leadership. As the global leader in licensed sports merchandise, we challenge ourselves by improving our new fully responsive NodeJS cloud commerce platform, Elasticsearch engine, and deep data science capabilities while building the best-in-class retail manufacturing and supply chain technologies. Our tech teams work together to revolutionize data science and engineering initiatives, provide highly scalable real-time and streaming platforms, and create secure e-commerce and in-stadium fan experience products. Our own e-commerce platform transacts in over 190 countries, 17 languages, and 14 currencies. Our motto is “#GSD”—get stuff done—and we do just that. If you want to be at the nexus of sports, commerce, and technology, come be a part of our industry-leading team here at Fanatics Tech.

Fanatics is looking for a Security Engineering Manager to join our Information Security team. This position is responsible for leadership of a team of engineers tasked with the design, implementation, and management of the security tool stack and application security programs protecting the Fanatics environment. Our team members are given a great deal of autonomy in the pursuit of keeping Fanatics secure and a successful candidate will demonstrate strong communication skills and is expected to be comfortable and effective working independently and as part of a larger, highly distributed team. We're looking specifically for folks who place an emphasis on usable security. Fanatics is a fast-growing company and our security program needs to be able to keep pace with that growth while not disrupting innovation.

This is a hands-on role. You will be there to roll up your sleeves and support the engineering team whenever they need assistance, guidance and advice.

Your Responsibilities:

• Support the Security Engineering team. Be there for them, guide them, and provide assistance when needed.
• Responsible for identifying, designing, and delivering services that build a highly trusted security foundation for the Fanatics Infrastructure
• Manage the day-to-day security engineering work. Ensure that engineering tasks are handled efficiently and there's continuous communication with our security operations team.
• Work with other security leaders to identify, hire and develop the personnel necessary to grow the security engineering and application security functions.
• Continuously improve existing processes and procedures through automation and tool creation.
• Stay current with emerging security technologies and make recommendations for use based on business value.
• Create solutions that balance business needs with company-specific and industry-related requirements and regulations.

Required Qualifications:

• Minimum 10+ years in Information Security
• Minimum 3+ years people management experience
• Ability to communicate efficiently: write clearly and speak authoritatively to different audiences (business leaders and engineers)
• Meticulous reporting skills
• Track record of leading productive information security teams who are largely remote.

Experience with and knowledge of:

• Experience designing, implementing and maintaining open source and commercial technical security solutions, such as firewalls and intrusion detection systems.
• Implementing security solutions in a forward-thinking and user-focused manner. This includes delivering iterative improvements in consultation with the larger Information Security team and other operational support teams.
• Software development and deployment, with a specific focus on microservice-based architectures.
• Strong knowledge of Windows, Macintosh, and Linux platforms.
• Experience with security assessment tools for on-premise and cloud environments including vulnerability scanners, encryption and key management software and hardware, logging and alerting systems.
• CI/CD Concepts and Deployment.
• Strong networking skills, including experience with cloud-based networking at scale..
• Enterprise-level 24x7 operational support experience.
• Experience managing an application security team is a significant plus.
• Experience with compliance frameworks such as PCI-DSS, SOC, NIST and GDPR.
• Experience of Agile/Lean working practices and the tools to support them.
• Knowledge of core AWS service (similar knowledge of Azure and GCP is a plus).
• Experience in driving end to end product security with SAST, DAST, IAST and SCA tools.
• Knowledge of Docker and Kubernetes container orchestration.
• Experience with Python, Terraform, Go.

Tryouts are open at Fanatics! Our team is passionate, talented, unified, and charged with creating the fan experience of tomorrow. The ball is in your court now.

NOTICE TO CALIFORNIA RESIDENTS/APPLICANTS: In connection with your application, we collect information that identifies, reasonably relates to or describes you (“Personal Information”). The categories of Personal Information that we collect include your name, government issued identification number(s), email address, mailing address, other contact information, emergency contact information, employment history, educational history, criminal record, and demographic information.  We collect and use those categories of Personal Information about you for human resources and other business management purposes, including identifying and evaluating you as a candidate for potential or future employment or future contract positions, recordkeeping in relation to recruiting and hiring, conducting criminal background checks as permitted by law, conducting analytics, and ensuring compliance with applicable legal requirements and Company policies.

Your Responsibilities:

• Support the Security Engineering team. Be there for them, guide them, and provide assistance when needed.
• Responsible for identifying, designing, and delivering services that build a highly trusted security foundation for the Fanatics Infrastructure
• Manage the day-to-day security engineering work. Ensure that engineering tasks are handled efficiently and there's continuous communication with our security operations team.
• Work with other security leaders to identify, hire and develop the personnel necessary to grow the security engineering and application security functions.
• Continuously improve existing processes and procedures through automation and tool creation.
• Stay current with emerging security technologies and make recommendations for use based on business value.
• Create solutions that balance business needs with company-specific and industry-related requirements and regulations.

Required Qualifications:

• Minimum 10+ years in Information Security
• Minimum 3+ years people management experience
• Ability to communicate efficiently: write clearly and speak authoritatively to different audiences (business leaders and engineers)
• Meticulous reporting skills
• Track record of leading productive information security teams who are largely remote.

Experience with and knowledge of:

• Experience designing, implementing and maintaining open source and commercial technical security solutions, such as firewalls and intrusion detection systems.
• Implementing security solutions in a forward-thinking and user-focused manner. This includes delivering iterative improvements in consultation with the larger Information Security team and other operational support teams.
• Software development and deployment, with a specific focus on microservice-based architectures.
• Strong knowledge of Windows, Macintosh, and Linux platforms.
• Experience with security assessment tools for on-premise and cloud environments including vulnerability scanners, encryption and key management software and hardware, logging and alerting systems.
• CI/CD Concepts and Deployment.
• Strong networking skills, including experience with cloud-based networking at scale..
• Enterprise-level 24x7 operational support experience.
• Experience managing an application security team is a significant plus.
• Experience with compliance frameworks such as PCI-DSS, SOC, NIST and GDPR.
• Experience of Agile/Lean working practices and the tools to support them.
• Knowledge of core AWS service (similar knowledge of Azure and GCP is a plus).
• Experience in driving end to end product security with SAST, DAST, IAST and SCA tools.
• Knowledge of Docker and Kubernetes container orchestration.
• Experience with Python, Terraform, Go.

Tryouts are open at Fanatics! Our team is passionate, talented, unified, and charged with creating the fan experience of tomorrow. The ball is in your court now.

NOTICE TO CALIFORNIA RESIDENTS/APPLICANTS: In connection with your application, we collect information that identifies, reasonably relates to or describes you (“Personal Information”). The categories of Personal Information that we collect include your name, government issued identification number(s), email address, mailing address, other contact information, emergency contact information, employment history, educational history, criminal record, and demographic information.  We collect and use those categories of Personal Information about you for human resources and other business management purposes, including identifying and evaluating you as a candidate for potential or future employment or future contract positions, recordkeeping in relation to recruiting and hiring, conducting criminal background checks as permitted by law, conducting analytics, and ensuring compliance with applicable legal requirements and Company policies.