Summary:

The Security Architect reports to the Sr. Director of Cybersecurity of Fanatics Collectibles and is responsible for assessing Cyber risks to our technology and in building and maturing the Fanatics Collectibles’ Enterprise Security program. The Security Architect will be directly responsible for reducing cybersecurity risk across enterprise security platforms.

The Security Architect is also responsible configuring, enforcing, and assisting with cloud migrations and M&A integrations. The Architect will work closely with the existing cybersecurity and infrastructure teams with a goal of reducing cybersecurity risks across our evolving technology landscape.

Duties and responsibilities may include:

• Develops an understanding of Fanatic Collectibles’ current and forward-looking threat profile using requirements to improve the Information Security Program.
• Builds out security tooling for Identity and SaaS based solutions.
• Takes ownership of cloud security infrastructure buildouts and expansions.
• Drives consolidation and integration efforts to maximize security.
• Works closely with infrastructure team to integrate Okta / IAM into new and existing domain-related projects to enhance access control and security.
• Protects valuable information and maintains the confidentiality and integrity of data through:  
  • Knowledge of security management, network & protocols, data and application security solutions
  • Knowledge of industry trends and current and emerging risks
• Develops and enforces hardening standards for Windows, Mac, and Linux servers and workstations.
• Partners with the infrastructure team to determine secure configuration for new domain related projects.
• Strong command of Cybersecurity organization practices, operations risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies
• Cybersecurity expert, keeping technical skills current and participating in multiple security forums and communities
• Ability to identify indicators of compromise, network attacks and systemic security issues as they relate to threats and vulnerabilities, with focus on recommendations for enhancements or remediation.
• Partners with IT and the Business to ensure Fanatics Collectibles maintains appropriate disaster recovery (DR) and Business Continuity Plans which address Information Security requirements.
• Provides expertise, guidance and advice related to all information security issues.

Required Education and Certification: 

• Bachelor’s degree in Information Security, Computer Science, Information Management Systems, or related field required. Master’s degree preferred. 
• Must have one of the following certifications: (ISC)² CISSP; (ISC)² CCSP; GIAC Defensible Security Architecture (GDSA); GIAC Cloud Security Automation (GCSA); GIAC Public Cloud Security (GPCS); AWS Certified Security – Specialty; Microsoft Certified: Azure Security Engineer Associate (AZ‑500); Google Professional Cloud Security Engineer.
• Nice to have one of the following certifications: GIAC Defending Advanced Threats (GDAT); GIAC Cloud Security Essentials (GCLD); Certified Kubernetes Security Specialist (CKS); Okta Certified Administrator or Okta Certified Professional; Microsoft Identity and Access Administrator (SC‑300); ISACA CISM; SABSA Foundation (SCF) or TOGAF Foundation; GIAC Penetration Tester (GPEN) or Offensive Security Certified Professional (OSCP).

Required Skills:

• 10+ years of progressive Information Security experience in a combination of Information Security and Information Technology roles. At least 3 years must be in a security architect role. 
• Expertise in Information Security best practices and implementing Information Security Architectures. 
• Experience leveraging the MITRE ATT&CK framework and threat modeling frameworks.
• Detailed knowledge of global cyber threats, threat actors and the tactics, techniques and procedures used by cyber adversaries; demonstrated understanding of threat modeling techniques, in a cyber intelligence or cyber operations environment
• Expert experience with Active Directory security and configuration.
• Experience in integrating Okta with directory services (LDAP, AD) and understanding of federation concepts and technologies.
• Solid understanding of IAM related protocols such as SAML, SPML, XACML, SCIM, OpenID, and OAuth.
• In depth knowledge of CIS benchmarks and hardening guides.
• Impeccable presentation and communication skills.
• Clear experience & success negotiating competing demands across a variety of stakeholder groups
• Ability to work collaboratively in teams and develop meaningful relationships to achieve common goals
• Global experience preferred. 

In New York City, the base salary range for this role is $160,000–$200,000, which represents base pay only and does not include short-term or long-term incentive compensation. In Los Angeles, the base salary range is $144,000–$180,000. For other U.S. locations, the range is $128,000–$160,000, though actual figures may vary by region.
The ranges for New York City and Los Angeles are specific to those markets and may not apply to other locations.  Final base pay is determined as part of a comprehensive compensation package and takes into account factors such as location, experience, qualifications, and training.
 

Ensure your Fanatics job offer is legitimate and don’t fall victim to fraud. Fanatics never seeks payment from job applicants. Feel free to ask your recruiter for a phone call or other type of communication for interview, and ensure your communication is coming from a Fanatics email address (including @collectfanatics.com). For added security, where possible, apply through our company website at www.fanaticsinc.com/careers.