Senior Manager, Defensive Security

Job not on LinkedIn

August 19

🗽 New York – Remote

Although this job is listed in New York, this company may be open to hiring remote in other states.

💵 $140k - $175k / year

⏰ Full Time

🟠 Senior

👮‍♂️ Cybersecurity / Security Engineer

Apply Now

Receive Emails with Similar Jobs

Major League Baseball (MLB)

WebsiteLinkedInAll Job Openings

Sports • Media • Retail

Major League Baseball (MLB) is a professional sports organization that manages the premier baseball league in North America. It oversees team operations, player transactions, broadcast arrangements, and events such as the All-Star Game and World Baseball Classic. MLB facilitates player development with its minor league system and offers products and services like MLB. TV for streaming games. It also engages with fans through various platforms including youth programs and merchandising. MLB is central to baseball's presence in the media, tourism, and retail markets, offering tickets, sports apparel, and other fan experiences.

1001 - 5000 employees

Founded 1869

⚽ Sports

📱 Media

🛒 Retail

📋 Description

• Design and implement scalable defensive security controls within CI/CD pipelines, infrastructure-as-code, and cloud-native environments • Lead integration of anti-bot, anti-fraud, API security, and application security tools across MLB's digital platforms • Improve our security architecture by partnering with DevOps, SRE, Product & Software Engineering teams to embed security early in the software development lifecycle (Shift Left) • Oversee detection engineering efforts to improve visibility, reduce dwell time, and create actionable security alerts and response automations • Partner with the Security Operations and Offensive Security teams to mature incident response playbooks, adversary emulation, and purple team exercises • Evaluate threats, vulnerabilities, and attack techniques to ensure proactive defense postures (MITRE ATT&CK, D3FEND-aligned) • Take part in the on-call rotation for high-severity incident escalations, particularly during high-profile events such as major game days, ticket launches, or partner broadcasts • Lead vulnerability management activities, ensuring timely identification, triage, and remediation of security findings across infrastructure, applications, and APIs • Collaborate with product, IT, and infrastructure teams to prioritize risk-based remediation efforts and report on exposure trends • Pilot and integrate agentic AI platforms capable of real-time contextual decision-making (e.g., alert triage, threat hunting, VRM automation) to reduce mean time to respond (MTTR) and analyst fatigue • Develop and enforce secure design patterns for web, mobile, and API platforms, emphasizing resiliency against modern attack vectors • Partner with developers and product teams to conduct architectural threat modeling and review high-impact features or deployments • Champion best practices in authentication, session management, data protection, and secure SDLC • Define and enforce cloud security architecture standards across AWS, Azure, and GCP, incorporating best practices for workload isolation, IAM, encryption, and control plane monitoring • Mentor and develop a growing team of defensive security engineers and analysts; foster a high-performance, innovation-focused culture • Track and report KPIs and defensive maturity metrics to security leadership and executive stakeholders • Serve as a key security stakeholder across Engineering, IT, Product, Legal, and third-party vendors • Develop and maintain operational security playbooks, peer-review standards, and change-control procedures. Act as the primary Defensive Security stakeholder in security governance, risk assessments, and change-advisory board processes

🎯 Requirements

• Bachelor’s or Master of Computer Science, Software Engineering, or Cybersecurity • 4+ years of experience in Dev(Sec)Ops, software engineering, security engineering or a related role • Relevant certifications from recognized organizations such as (ISC)², GIAC (SANS), CompTIA, OffSec, ISACA, Security Blue Team, or cloud providers (AWS, Azure, GCP) are a strong plus • Experience implementing and managing security tooling in one or more areas: WAF, bot mitigation, RASP, EDR, SIEM, CSPM, SAST/DAST, or API security platforms is required • Proficiency in one or more languages such as Python, Go, or Bash for automating security controls and CI/CD workflows is required. Experience with formal SSDLC frameworks (e.g., OWASP SAMM) is a plus • Experience securing backend APIs (REST, GraphQL, MCP) developed in languages like Node.js, Java, Python or Go is a plus • Deep understanding of modern application architectures (cloud-native, microservices, APIs) and their security implications is required • Solid experience with DevOps platforms and IaC (Kubernetes, Terraform, GitHub Actions, etc.) is a plus • Capable of independently driving mission-critical initiatives to completion with accuracy and care, exercising sound judgment and discretion in the handling of sensitive or confidential information • Strong written and oral communications skills. Ability to explain technical concepts to audiences at different levels

🏖️ Benefits

• 100% Employer Paid Medical/Dental/Vision Premiums • Company Contributed 401K Plan • Paid Time Off and Holidays • Paid Parental Leave • Access to Free Tickets to Baseball Games & MLB.TV • Discounts at MLB Store | MLBShop.com • Employee Assistance Programs (EAP) • Onsite/Online Training & Development Programs • Tuition Reimbursement • Disability Benefits (short term and long term) • Life and Accidental Death Insurance • Pet Insurance