Jobs · Information Technology · New York

Director, Application and Data Security

Major League Soccer · New York, NY · 3 wk ago
Information Technology$165k–$185k/yrFull-time

About the role

The role is critical in ensuring the security of MLS digital products, enterprise applications, APIs, cloud services, data platforms, AI-enabled capabilities, and third-party technology integrations.

Responsibilities

  • Support MLS digital product, application, engineering, data, and enterprise technology teams.
  • Perform application security testing using manual review and automated tools.
  • Conduct threat modeling for new and existing products, applications, APIs, data workflows, integrations, cloud-native services, sensitive data environments, and emerging technology use cases.
  • Review application architecture, authentication, authorization, session management, data flows, logging, encryption, input validation, API design, and secure configuration patterns.
  • Partner with digital product and engineering teams to embed secure-by-design principles, security requirements, and practical controls into the software development lifecycle.
  • Identify, document, prioritize, track, and validate remediation of product, application, cloud, API, data security, and software supply chain findings.
  • Evaluate and help mitigate security risks across MLS data platforms, data pipelines, analytics environments, data integrations, sensitive data workflows, and approved AI use cases.
  • Define, maintain, and improve security requirements, standards, patterns, checklists, and guidance for application security, product security, data protection, access control, encryption, tokenization, data retention, secure data sharing, and responsible use of AI-enabled technologies.
  • Support secure CI/CD implementation, including security gates, code scanning, dependency checks, container image validation, secrets management, deployment controls, and automation opportunities.
  • Review third-party product integrations, SaaS platforms, APIs, SDKs, technology partnerships, AI-enabled tools, and vendor-developed applications for product, application, and data security risks.
  • Collaborate with third-party risk management, legal, privacy, procurement, incident response, and technology teams to support vendor reviews, security events, impact assessments, containment, and remediation.
  • Communicate technical findings, risk, business impact, remediation options, program metrics, recurring issues, and security posture trends to engineering, business, legal, privacy, and executive stakeholders.
  • Serve as a senior hands-on security advisor for high-priority MLS initiatives involving fan-facing platforms, enterprise applications, cloud services, data systems, AI-enabled capabilities, and third-party integrations.

Requirements

Education and Experience:

  • Bachelor’s degree in Computer Science, Information Security, Engineering, Information Technology, or a related field, or equivalent practical experience.
  • 8+ years of experience in cybersecurity, application security, product security, software engineering, cloud security, data security, or related technical security disciplines.
  • 5+ years of hands-on experience performing application security, product security, secure code review, API security review, threat modeling, or security architecture work.
  • Experience working directly with product managers, software engineers, application owners, data teams, enterprise application teams, and business stakeholders.
  • Experience supporting security in cloud environments such as AWS, Azure, or GCP.
  • Experience securing modern application environments, including APIs, microservices, containers, CI/CD pipelines, SaaS platforms, and third-party integrations.
  • Experience supporting security for data platforms, data warehouses, analytics environments, data pipelines, or sensitive business data workflows is strongly preferred.

Skills

  • Strong hands-on knowledge of application security, product security, API security, secure SDLC, threat modeling, vulnerability management, secure architecture principles, and emerging technology risk.
  • Ability to perform technical security reviews of applications, APIs, cloud services, integrations, data flows, SaaS platforms, third-party technologies, and AI-enabled solutions where applicable.
  • Experience with application security testing tools and methods, including SAST, DAST, IAST, SCA, container scanning, secrets scanning, and manual validation.
  • Strong understanding of common application and API risks, including OWASP Top 10, OWASP API Security Top 10, authentication flaws, authorization issues, injection risks, data exposure, insecure deserialization, and business logic vulnerabilities.
  • Working knowledge of cloud security concepts, including IAM, network segmentation, encryption, logging, key management, workload security, and secure cloud architecture.
  • Familiarity with CI/CD platforms, DevSecOps practices, source code repositories, build pipelines, deployment workflows, automation, security gates, and risks associated with AI-assisted software development.
  • Experience with container and Kubernetes security concepts, including image scanning, runtime security, secrets handling, admission controls, and workload isolation.
  • Ability to read and understand code in one or more programming or scripting languages, such as Python, Java, JavaScript, TypeScript, Go, C#, Ruby, or similar languages.
  • Strong understanding of data security principles, including data classification, access control, encryption, data loss prevention, data retention, tokenization, masking, secure data sharing, and risks across data pipelines, data warehouses, analytics platforms, and approved AI use cases.
  • Strong written and verbal communication skills, including the ability to document findings, write remediation guidance, develop security standards, create reusable engineering guidance, and explain technical risk to engineering, business, legal, privacy, and executive stakeholders.
  • Ability to influence teams without direct authority, drive security outcomes through partnership and credibility, and operate hands-on without direct reports while providing director-level ownership, judgment, and accountability.

Similar jobs

Data Security Director

CNA InsurancePlano, TX· 3 days ago
Information Technology$97k–$189k/yrapply on cna.wd1.myworkdayjobs.com

Data Security Director

CNA InsuranceChicago, IL· 3 wk ago
Management$97k–$189k/yrapply on cna.wd1.myworkdayjobs.com

Director Security

Wells EnterprisesChicago, IL· 3 wk ago
Information Technology$132k–$213k/yrapply on hcsb.fa.us2.oraclecloud.com