Platform Security Engineer

Summary

Join NBC Sports Next as a Platform Security Engineer and play a pivotal role in securing our engineering ecosystem. You will lead the DevSecOps roadmap, shaping the future of secure cloud infrastructure. This hands-on role emphasizes AWS security, CI/CD security, and security automation. You will be responsible for driving security solutions across AWS cloud, container security, and CI/CD, ensuring compliance with various standards. The position is fully remote with potential for travel. This role offers the opportunity to be part of a new publicly traded company, SpinCo, upon its completion in 2025.

Requirements

• AWS Expertise: 2+ years of hands-on experience with AWS, with a strong focus on IAM best practices and securing common AWS resources (e.g., EC2, S3, RDS) in production public facing environments
• Linux Proficiency: Minimum of 4 years of experience managing and securing Linux systems
• Security Automation & Tooling: 2+ years of experience implementing security automation and integrating security tooling (e.g., SEIM, SAST/DAST, WIZ/ORCA, or other)
• Automation/Scripting: 2+ years of experience with Python for automation and scripting in a security/DevSecOps context
• Git and GitOps: Practical experience and comfortable using Git and automated workflows for developing code securely
• Web Security Knowledge: Familiarity with web security best practices, including DNS, firewalls, secure APIs, and database security (e.g., PostgreSQL, MySQL)
• Cloud Security: Proven ability to secure cloud environments, including implementing and managing security controls, auditing, and monitoring
• Communication & Collaboration: Exceptional written and verbal communication skills with the ability to explain complex security concepts to technical and non-technical audiences
• Track Record of Solutions: Demonstrated ability to identify and address security challenges, delivering effective solutions through collaboration and leadership

Responsibilities

• Lead Security Efforts on the Platform: Drive and deliver security solutions across AWS cloud, container security (ECS/Kubernetes), CICD, and secure cloud-native architectures while ensuring compliance with standards such as PCI-DSS, ISO27001, SOC 2, NIST 800-53, and COPPA
• Enhance Secure CI/CD: Build and enhance security related platform capabilities, involving CI/CD pipelines, infrastructure, reusable templates, and automation, enabling teams to deploy rapidly and securely at scale
• Standardize Secure Patterns: Design and implement reusable patterns that promote security best practices and compliance across all engineering teams
• Advance Secure Software Delivery: Promote secure delivery practices by embedding security in the build and design phases, emphasizing fast feedback, observability, and operational excellence
• Collaborate Cross-Functionally: Work closely with SecOps, platform teams, and engineering teams, fostering knowledge sharing and ensuring alignment on security goals and solutions
• Strengthen Security Posture: Assess and improve existing security standards, practices, and controls to reduce vulnerabilities and enhance the organization’s security posture
• Drive Compliance Automation: Develop automation strategies to enforce regulatory controls and ensure continuous compliance with industry standards
• Support Incident Response: Collaborate on incident monitoring and response, conduct Root Cause Analysis, and recommend measures for future mitigation
• Leverage Key Tools and Skills: Utilize AWS cloud knowledge, Terraform, and Python to develop secure solutions that balance security objectives with developer productivity and business goals
• Communicate Effectively: Deliver clear security updates, document solutions thoroughly, demo and communicate effectively with diverse stakeholders, including engineering teams and executive leadership

Preferred Qualifications

• Regulated Environments : Experience working in environments with complex compliance requirements (e.g., PCI-DSS, SOC 2, ISO27001)
• AWS Certifications : Relevant certifications such as AWS Certified Security – Specialty or AWS Certified Solutions Architect
• Web Security & Threat Detection : Hands-on experience with WAFs (e.g., AWS WAF, Cloudflare) and centralized logging stacks (e.g., Splunk, Kibana)
• DevSecOps Expertise : Strong understanding of secure CI/CD practices and integrating compliance objectives into pipelines
• Infrastructure as Code (IaC) : Experience with Terraform or CloudFormation for managing secure infrastructure
• Security Mentorship : Proven ability to mentor engineers and share security knowledge effectively

Benefits

Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee’s residence