<p>As the Senior Manager of Defensive Security, you will be instrumental in Major League Baseball's effort to embed security into our product design and software delivery lifecycle.</p> <p>You'll lead the integration of anti-bot, anti-fraud, API, and application security tooling, and automate security controls across our CI/CD pipelines-ensuring our web and mobile platforms remain resilient and trusted by millions of fans and employees alike.</p> <p>Your work will defend the league's digital assets from emerging threats, ensuring every pitch, stream, and stat is delivered securely to fans around the world. You will also define MLB's next-generation defensive strategy, including security for agentic AI, MCP infrastructure, and autonomous system-to-system interactions.</p> <p>Responsibilities</p> <p>Security Engineering & Automation</p> <ul> <li>Design and implement scalable defensive security controls within CI/CD pipelines, infrastructure-as-code, and cloud-native environments </li><li>Lead integration of anti-bot, anti-fraud, API security, and application security tools across MLB's digital platforms </li><li>Improve our security architecture by partnering with DevOps, SRE, Product & Software Engineering teams to embed security early in the software development lifecycle (Shift Left) </li></ul> <p>Threat Defense & Incident Readiness</p> <ul> <li>Oversee detection engineering efforts to improve visibility, reduce dwell time, and create actionable security alerts and response automations </li><li>Partner with the Security Operations and Offensive Security teams to mature incident response playbooks, adversary emulation, and purple team exercises </li><li>Evaluate threats, vulnerabilities, and attack techniques to ensure proactive defense postures (MITRE ATT&CK, D3FEND-aligned) </li><li>Take part in the on-call rotation for high-severity incident escalations, particularly during high-profile events such as major game days, ticket launches, or partner broadcasts </li></ul> <p>Vulnerability & Exposure Management</p> <ul> <li>Lead vulnerability management activities, ensuring timely identification, triage, and remediation of security findings across infrastructure, applications, and APIs </li><li>Collaborate with product, IT, and infrastructure teams to prioritize risk-based remediation efforts and report on exposure trends </li><li>Pilot and integrate agentic AI platforms capable of real-time contextual decision-making (e.g., alert triage, threat hunting, VRM automation) to reduce mean time to respond (MTTR) and analyst fatigue </li></ul> <p>Secure Architecture & Application Hardening</p> <ul> <li>Develop and enforce secure design patterns for web, mobile, and API platforms, emphasizing resiliency against modern attack vectors </li><li>Partner with developers and product teams to conduct architectural threat modeling and review high-impact features or deployments </li><li>Champion best practices in authentication, session management, data protection, and secure SDLC </li><li>Define and enforce cloud security architecture standards across AWS, Azure, and GCP, incorporating best practices for workload isolation, IAM, encryption, and control plane monitoring </li></ul> <p>Leadership & Collaboration</p> <ul> <li>Mentor and develop a growing team of defensive security engineers and analysts; foster a high-performance, innovation-focused culture </li><li>Track and report key performance indicators (KPIs) and defensive maturity metrics to security leadership and executive stakeholders </li><li>Serve as a key security stakeholder across Engineering, IT, Product, Legal, and third-party vendors </li><li>Develop and maintain operational security playbooks, peer-review standards, and change-control procedures. Act as the primary Defensive Security stakeholder in security governance, risk assessments, and change-advisory board processes </li></ul> <p>Qualifications & Skills</p> <ul> <li>Bachelor's or Master of Computer Science, Software Engineering, or Cybersecurity </li><li>4+ years of experience in Dev(Sec)Ops, software engineering, security engineering or a related role </li><li>Relevant certifications from recognized organizations such as (ISC)², GIAC (SANS), CompTIA, OffSec, ISACA, Security Blue Team, or cloud providers (AWS, Azure, GCP) are a strong plus </li><li>Experience implementing and managing security tooling in one or more areas: WAF, bot mitigation, RASP, EDR, SIEM, CSPM, SAST/DAST, or API security platforms is required </li><li>Proficiency in one or more languages such as Python, Go, or Bash for automating security controls and CI/CD workflows is required. Experience with formal SSDLC frameworks (e.g., OWASP SAMM) is a plus </li><li>Experience securing backend APIs (REST, GraphQL, MCP) developed in languages like Node.js, Java, Python or Go is a plus </li><li>Deep understanding of modern application architectures (cloud-native, microservices, APIs) and their security implications is required </li><li>Solid experience with DevOps platforms and IaC (Kubernetes, Terraform, GitHub Actions, etc.) is a plus </li><li>Capable of independently driving mission-critical initiatives to completion with accuracy and care, exercising sound judgment and discretion in the handling of sensitive or confidential information </li><li>Strong written and oral communications skills. Ability to explain technical concepts to audiences at different levels </li></ul> <p>Salary Range: $140,000- $175,000 (Base Salary) + Bonus</p> <p>As a candidate for this position, your salary and related elements of compensation will be contingent upon your work experience, education, skills and any other factors Major League Baseball (MLB) considers relevant to the hiring decision. In addition to your salary, MLB believes in providing a competitive compensation and benefits package for its employees.</p> <p>Top MLB Perks & Benefits</p> <ul> <li>100% Employer Paid Medical/Dental/Vision Premiums </li><li>Company Contributed 401K Plan </li><li>Paid Time Off and Holidays </li><li>Paid Parental Leave </li><li>Access to Free Tickets to Baseball Games & MLB.TV </li><li>Discounts at MLB Store | MLBShop.com </li><li>Employee Assistance Programs (EAP) </li><li>Onsite/Online Training & Development Programs </li><li>Tuition Reimbursement </li><li>Disability Benefits (short term and long term) </li><li>Life and Accidental Death Insurance </li><li>Pet Insurance </li></ul>