
Application Security Engineer

REQ ID:  4002

Secaucus, New Jersey, US, 07094

At the NBA, we’re passionate about growing and celebrating the game of basketball. Through the intensity of the game and the amazing athletic skill of our players, we deliver excitement to hundreds of millions of fans around the world.


As a global sports and media business, the NBA is so much more. While Basketball Operations runs the league’s on-court activities, other departments manage relationships with television and digital media partners, develop marketing partnerships with some of the world’s most recognizable companies, oversee the licensing of NBA merchandise, and handle a wide range of responsibilities that drive the NBA’s success.


Position Summary:

The Application Security Engineer will deliver secure cloud infrastructure and software using best practices and commercial and open-source security testing tools. This individual will work across departments on key business initiatives, including direct-to-consumer, and support the organization's continued adoption of AWS and Azure cloud services. The candidate will automate security testing in the development process and work with Cybersecurity, Infrastructure, DevOps and Application Development teams to interpret requirements and translate them into actions, while balancing security, agile software development, and continuous integration and deployment (CI/CD).



Major Responsibility:

  • Perform security testing of applications early in the software development lifecycle, leveraging DAST and SAST, and assess applications against Cybersecurity best practices, policies, and compliance mandates.
  • Manage the security components of continuous integration and delivery software pipeline to ensure security testing is performed throughout the CI/CD pipeline.
  • Automate Cybersecurity controls testing within CI/CD pipelines that package, test, and deploy infrastructure and containerized applications.
  • Design and implement threat modeling processes to determine the controls needed for a given application within the software development lifecycle.
  • Provide SME guidance in assessing cloud infrastructure to address findings resulting from design reviews, threat modeling, and SAST and DAST testing.
  • Perform vulnerability assessments and pen testing, and work across department lines to communicate findings and drive forward risk remediation efforts.
  • Contribute to the decisions being made that impact the NBA's cloud implementations, direction, and cloud security posture.
  • Design and implement security risk metrics monitoring to report on threats and the Cybersecurity posture; define data reporting metrics to drive forward continuous security improvements, including gate checks and integrated view of projects in the pipeline.
  • Perform technical security configuration assessments of cloud platforms such as Microsoft Azure and Amazon Web Services (AWS).


Required Skills/Knowledge:

  • Bachelor's degree in a technical discipline (or equivalent work experience)
  • Minimum of seven years in IT (a minimum of five years in information security)
  • Strong background in penetration testing and Secure Development Lifecycle methodologies. Expertise in identifying vulnerabilities, static/dynamic code analysis, and code reviews.
  • Experienced in Python, Perl, JavaScript, and shell scripting. Familiarity with SAFe, agile release train concepts, and Agile methodology.
  • A good understanding of cloud and infrastructure components (server, storage, network, data, and applications). Hands-on experience using tools such as Checkmarx, Micro Focus, Synopsys or Veracode as well as Jenkins, GitLab, Puppet, Vault, and Grafana or other related automation and orchestration toolsets.
  • Expertise in working with CI/CD tools and pipelines such as Azure DevOps, Jenkins, GitHub, Gitflow, and artifact repositories.
  • Experience with collaboration tools such as Trello and Jira, sprint planning, and task ownership; comfortable in customer-facing roles.
  • Understanding of industry-leading practices around cyber risks and cloud security using industry standards such as CIS Benchmarks, Cloud Security Alliance, and NIST SP 800-144 and 800-145. One or more industry-leading certifications preferred: CCSP, GCSA, CSSLP.



Bachelor's Degree preferred


We Consider Applicants For All Positions On The Basis Of Merit, Qualifications And Business Needs, And Without Regard To Race, Color, National Origin, Religion, Sex, Gender Identity, Age, Disability, Alienage Or Citizenship Status, Ancestry, Marital Status, Creed, Genetic Predisposition Or Carrier Status, Sexual Orientation, Veteran Status, Familial Status, Status As A Victim Of Domestic Violence Or Any Other Status Or Characteristic Protected By Applicable Federal, State, Or Local Law.

Nearest Major Market: New York City
Nearest Secondary Market: Newark

Job Segment: Application Engineering, Application Developer, Developer, Engineer, Cloud, Engineering, Technology