GameChanger Media, a subsidiary of Dick’s Sporting Goods, serves youth sports teams by providing team management and scorekeeping apps that deliver live game updates, data to inform player development, and communication and coordination tools for the whole team community.
Our customers trust us to protect their data. The Security Tech Lead role is critical to ensure that we earn that trust by continually upgrading our securitypractices. While their are leadership aspects to this role, it is not a managementrole; you will be a hands-on Engineer.
In this role you will be a member of GameChanger’s Platform Team. ThePlatform Team provides GameChanger’s Product Teams with stable, secure, scalable services and infrastructure on which to build world-class products; and consults with Product Developers on design patterns and architecture. You will also be part of a community of Security Engineers across the Dick’s Sporting Goods family of companies.
GameChanger is a DevOps culture. We encourage experimentation and learning initiatives, and empower engineers to make impactful decisions. We conduct blameless post-mortems so we can continuously improve our processes. All Engineers share in on-call responsibilities. We value employees with a diversity of backgrounds and perspectives.
As the Security Tech Lead at GameChanger you will . . .
- Audit our mobile applications, backend services, APIs, networkconfiguration, server configuration, detection capabilities, and processes looking for areas of improvement.
- Perform threat modeling, identifying exploitable vulnerabilities, countermeasures, and incident response plans.
- Take the lead in working with independent auditors for compliance (e.g. PCI, PII, etc.)
- Collaborate with other Platform Engineers to develop and integrate tools that automate the detection, alerting, reporting, and remediation of exploit attempts (penetration, scraping, DoS, etc.)
- Ensure alerting is meaningful with a high signal-to-noise ratio
- Evaluate and recommend best-of-breed open source and commercial tools to acquire and integrate.
- Lead the response to security incidents; provide guidance to other engineers to analyze and remediate; communicate clearly to management
- Take a leadership role in developing a security and compliance strategy
- Evangelize for the continuous improvement of our security-minded culture
- Develop training and processes that raise awareness and skill-level of all engineers
- Act as an internal consultant for all engineering teams and be a trusted adviser to leadership
- Coordinate with security engineers from our parent company and other subsidiaries on shared tools and practices
- Be actively involved with the broader security community
- 5+ years of engineering experience with 2+ years in a security role with responsibilities related to those above
- Experience working collaboratively with application and backend engineers in a software company
- Sound foundations in TCP/IP, network security, Linux internals, authentication protocols
- Knowledge of assessing web applications and REST APIs for vulnerabilities
- Hands-on experience with tools such as Kali Linux, Nmap, Burp Suite, Metasploit Framework, Charles Proxy, Wireshark
- Knowledge of well-known historical and recent vulnerabilities in Linux, openssl, and other common packages
- Familiarity with NIST, OWASP, and other sources of information
- Experience with Configuration Management tools (e.g. Ansible, Chef, Puppet) and building security into Continuous Integration and Continuous Delivery pipelines
- Familiarity with leveraging log aggregation and indexing tools for forensics
- Experience working with Linux, Bash
- Proficiency with at least one programming language (e.g. Python, Ruby, Go, Java)
- Finessed people skills; ability to communicate and persuade technical and non-technical audiences.
- BS/MS in CS / CE or a related field
- Domain specific certifications such as Security+, CEH, GSEC
- Experience working in a modern DevOps culture
- Experience with iOS and Android application auditing
- Knowledge of PCI-DSS
- Experience with security tools and configurations in AWS
- Knowledge of best practices for security monitoring and alerting
At GameChanger we are…
- We put our customers first, always asking, “Will this enhance their youth sports experience?”
- We deeply understand our customers and work hard to anticipate their needs.
- We celebrate and support our customers’ contributions to their communities.
- We listen actively, seeking to understand others before making ourselves heard.
- We challenge each other directly while caring about each other personally.
- We do unglamorous work in service of the team.
- We set aggressive goals designed to drive meaningful change.
- We are eager teachers and curious students who invest in learning.
- We are resilient, thriving in change and adversity.
- We value creative ideas and productivity over seniority and hours worked.
- We entrust decisions to those best positioned to make them.
- We embrace individual responsibility and trust each other to deliver our best effort.
- We say “no” to valuable initiatives so we can concentrate resources on our most important work.
- We respect others’ time by limiting distractions, running efficient meetings and communicating concisely.
- Being part of a team of genuinely kind individuals dedicated to improving the lives of our customers and our employees.
- Benefits including medical, vision, prescription, dental, FSA/HRA, and coverage for family/dependents.
- Well-furnished, modern office
- Commuter Benefits
- Endless supply of snacks and drinks.
- Organized lunches, happy hours, and team outings