Major League Baseball (MLB) is seeking a Senior Security Engineer to enhance the security engineering layer for its application delivery and cloud infrastructure. The role involves writing automation, integrating security tools, and ensuring security requirements are effectively implemented across various workflows.
Responsibilities:
- Support anti-bot, anti-fraud, account-abuse, and application-abuse prevention through application telemetry integration, automation, and coordination with edge/platform teams
- Build and deploy application and API security controls as code, including HAProxy configuration, WAF and bot-management rules, rate limits, routing controls, and related edge/platform security policy through version-controlled IaC and CI/CD workflows
- Collaborate with development and infrastructure teams to integrate security into CI/CD pipelines
- Build and improve security controls across CI/CD pipelines, source code platforms, artifact repositories, and deployment workflows
- Integrate security testing such as code scanning, secrets scanning, dependency scanning, container scanning, and infrastructure-as-code scanning into developer workflows
- Help define findings severity levels, ownership, exception handling, and remediation routing models
- Partner with engineering and security teams to reduce remediation noise and improve secure delivery practices
- Build policy-as-code and security guardrails for cloud, infrastructure-as-code, Kubernetes, and platform delivery workflows
- Help prevent common risks such as public exposure, overly permissive access, weak logging, insecure storage, missing encryption, and unsafe secrets handling
- Create reusable security patterns, remediation guidance, and developer-friendly feedback for infrastructure and platform teams
- Partner with cloud and platform teams to improve baseline security across prioritized environments
- Identify practical opportunities to use AI-assisted workflows across security review, remediation, prioritization, and operational analysis
- Evaluate and integrate AI-enabled development and security tools where they improve quality, speed, or consistency
- Build governed AI-assisted workflows that preserve human approval, auditability, secure data handling, and engineering ownership
- Help define responsible AI usage patterns for DevSecOps and security engineering workflows
- Partner with Product, Development, Cloud Platform, and Security teams to embed security earlier in engineering workflows
- Drive adoption of secure engineering practices through practical guidance, reusable patterns, and developer-friendly tooling
- Support threat modeling and security reviews, and provide practical guidance for prioritized applications and platforms
- Participate in an on-call rotation to respond to escalated security issues and high-risk operational events
Requirements:
- Bachelor's or Master's degree in Computer Science, Software Engineering, Cybersecurity, or equivalent practical experience
- 4+ years of experience in DevSecOps, software engineering, security engineering, cloud security, infrastructure security, or a related role
- Proficiency in one or more programming languages such as Java, Go, Python, or similar, with experience building automation, integrations, or production tooling
- Experience with REST and/or GraphQL APIs, including testing, debugging, and building integrations
- Hands-on experience with DevOps and infrastructure automation tools including Kubernetes, Terraform, GitHub Actions, or similar platforms
- Experience integrating security controls into development, CI/CD, infrastructure, or cloud workflows
- Experience with cloud security concepts and controls, with Google Cloud Platform (GCP) as the primary cloud environment
- Ability to execute tasks with high accuracy and thoroughness and maintain confidentiality when dealing with sensitive information
- Strong written and verbal communication skills, with the ability to explain technical concepts to audiences at different levels
- Familiarity with AWS, OCI, Azure, or multi-cloud security patterns