Company Overview

Fanatics is building a leading global digital sports platform. The company ignites the passions of global sports fans and maximizes the presence and reach for hundreds of sports partners globally by offering innovative products and services across Fanatics Commerce, Fanatics Collectibles, and Fanatics Betting & Gaming, allowing sports fans to Buy, Collect and Bet. Through the Fanatics platform, sports fans can buy licensed fan gear, jerseys, lifestyle and streetwear products, headwear, and hardgoods; collect physical and digital trading cards, sports memorabilia, and other digital assets; and bet as the company builds its Sportsbook and iGaming platform. Fanatics has an established database of over 100 million global sports fans, a global partner network with over 900 sports properties, including major national and international professional sports leagues, teams, players associations, athletes, celebrities, colleges, and college conferences, and over 2,000 retail locations, including its Lids retail business stores. 

As a market leader with more than 18,000 employees, and hundreds of partners, suppliers, and vendors worldwide, we take responsibility for driving toward more ethical and sustainable practices. We are committed to building an inclusive Fanatics community, reflecting and representing society at every level of the business, including our employees, vendors, partners and fans. Fanatics is also dedicated to making a positive impact in the communities where we all live, work, and play through strategic philanthropic initiatives.

Summary: 

The CyberSecurity Analyst (Network Security) reports to the Sr. Director Information Security and will support efforts in securing the technology strategy and in helping to build and mature the Fanatics Holdings Inc (FHI) Secure programs. The Analyst will apply security standards to secure and monitor network traffic, analyze vulnerabilities, implement security measures, and respond to security incidents. The Analyst will play a crucial role in ensuring the security of web applications and APIs to protect sensitive data, prevent unauthorized access, and mitigate potential security threats. The Analyst will also work closely with our subsidiary security teams and our IT and Operational Technology teams to identify, assess, and mitigate vulnerabilities.

Duties and responsibilities may include: 

Conduct regular assessments of systems and networks to identify vulnerabilities. 

Develop and implement patch management strategies to address vulnerabilities. 

Prioritize vulnerabilities based on risk assessment, considering factors such as exploitability and potential business impact. 

Analyze security incidents related to vulnerabilities and recommend improvements to prevent future threats. 

Support the management of firewalls, intrusion detection/prevention systems, and other network security tools. 

Work closely with IT, including system administrators and network engineers, to ensure a secure network architecture is maintained. 

Implement and advocate for a zero-trust approach to security, especially in integrations and APIs. 

Assess and enhance the security of APIs, ensuring there is proper authentication, authorization, and encryption. 

Develop threat models for web applications and APIs to proactively identify potential security risks. 

Perform security reviews of web applications to identify and remediate vulnerabilities. 

Participate in the review of design principles and controls relating to third party solution providers. 

Collaborate with development teams to integrate security best practices into the software development lifecycle. 

Explore the application of machine learning and AI in identifying and mitigating security threats. 

Stay updated on API security standards such as Oauth 2.0, OpenID Connect, and GraphQL security. 

Stay informed on the latest security patches and advisories. 

Provide reports and updates to management on security metrics and program updates.

Participate in rotating on-call schedule. 

Required Education and Certification:

Bachelor’s degree in Information Security, Computer Science, Information Management Systems, or related field preferred.

Security certifications such as CCSP - Certified Cloud Security Professional and Certified Information Systems Security Professional (CISSP) are highly desired. 

Required Skills: 

4 years of progressive Information Security experience. 

Expertise in securing web applications and APIs in cloud environments. 

Strong understanding of network architecture, operating systems, and applications. 

Proficiency in using vulnerability assessment tools and security scanners. 

Proficiency in network protocols, firewalls, intrusion detection / prevention systems, VPNs, zero trust network access, and secure remote access. 

Understanding of OWASP Application Security Verification Standard, OWASP Top Ten, etc. 

Knowledge of languages such as Python, JavaScript, as well as scripting and automation. 

Excellent analytical and problem-solving skills. 

Strong communication and interpersonal skills. 

Ability to work collaboratively with cross-functional teams. 

Proactive, adaptable, and possess a continuous learning mindset to keep up with the evolving security challenges and technologies. 

Global experience preferred.

Ability to travel globally as needed. 

\n

The salary range for this position is $112,000-168,000, which represents base pay only and does not include short-term or long-term incentive compensation. When determining base pay, as part of a final compensation package, we consider several factors such as location, experience, qualifications, and training. 

Ensure your Fanatics job offer is legitimate and don’t fall victim to fraud. Fanatics never seeks payment from job applicants. Feel free to ask your recruiter for a phone call or other type of communication for interview, and ensure your communication is coming from a Fanatics or Fanatics Brand email address. For added security, where possible, apply through our company website at www.fanaticsinc.com/careers

Tryouts are open at Fanatics! Our team is passionate, talented, unified, and charged with creating the fan experience of tomorrow. The ball is in your court now.

Fanatics is committed to responsible planning and purchasing (RPP) practices, working with its business partners across its global and multi-layered supply chain, to ensure that planning, sourcing, and purchasing decisions, along with other supporting processes, do not impede or conflict with the fulfillment of Fanatics’ fair labor practices.

NOTICE TO CALIFORNIA RESIDENTS/APPLICANTS: In connection with your application, we collect information that identifies, reasonably relates to or describes you (“Personal Information”). The categories of Personal Information that we collect include your name, government issued identification number(s), email address, mailing address, other contact information, emergency contact information, employment history, educational history, criminal record, and demographic information. We collect and use those categories of Personal Information about you for human resources and other business management purposes, including identifying and evaluating you as a candidate for potential or future employment or other types of positions, recordkeeping in relation to recruiting and hiring, conducting criminal background checks as permitted by law, conducting analytics, and ensuring compliance with applicable legal requirements and Company policies. For additional information on how we collect and use personal information in connection with your job application, review our Candidate Privacy Policy-CA