Kubernetes & Application Security Engineer

A bit about us 

Do you want to join one of the world’s fastest growing sports technology companies? 

Genius Sports is at the epicenter of the global network connecting sports, brands and fans through official live data. Our mission is simple. We champion a more sustainable sports data ecosystem that benefits all parties. 

We’re looking for enthusiastic and ambitious people to join our talented team. 

If you see yourself becoming part of a global family building the future of sports entertainment together, then come and grow with us.  

We put trust in our people to deliver the difference for our clients around the world. It’s why many of the world’s largest leagues & federations such as the NFL, English Premier League, FIBA and NCAA choose to work with Genius Sports. 
 

The Role  

We are accelerating our security journey, aiming to deliver the most trusted sports technology and data on the market and elevating security as a competitive differentiator. Our Security vision is to win customers, partners, and fans based on trust in our ability to always protect their data. We strive to achieve this through our mission to always embed security into the way we act and the products we deliver. 

Are you ready to help to transform the security posture and culture into an innovative environment? We are seeking an experienced Kubernetes & Application Security Engineer who can improve the security practices required to deliver products and services with security by design and by default. 

This is a great opportunity to join our team at a fantastic time of growth and truly make an impact. 

The successful candidate will be an engaging, self-starter who can operate with high levels of autonomy and strives for continuous improvement. 

The candidate should have a track record for both secure architecture design and secure coding within highly technology-driven environments. Also, they will feel comfortable developing automatic tools to increase the productivity of the security practices in the SDLC. The ability to influence, train and support cross-functional teams in managing technology product related threats and risks. 

Secure software architecture and coding 

• Working closely with Kubernetes expert teams (DevOps, Platform Engineering, DevSecOps) to improve the security posture of our infrastructure and internally developed products/services. 

• Audit our Kubernetes deployments against industry security standards such as CIS benchmarks.  

• Support the installation and upgrade of hardened clusters covering internal components such as networking, storage, services, etc.  

• Oversee management of vulnerabilities in containers and operating systems.  

• Monitor and propose solutions for supply chain risks and runtime security issues. 

• Work in tandem with engineering, product and operational teams to identify gaps and propose improvements for the SLDC. 

• Perform threat modelling exercises, working with the engineering teams to identify threats and agree remediation. 

• Designing and implementing internal tools to improve the security practices inside the SDLC. 

• Conduct security code reviews for critical system components evaluating the non-compliance issues and software standards deviations. 

• Create and execute training for the software engineers to improve education and culture around secure development.  

Security tooling management 

• Support the setting up of CI/CD for security tools developed by the AppSec team. 

• Design and execute sophisticated security assessments against software and hardware such as Desktop & Mobile applications, IoT devices, Web APIs, amongst others. 

Other 

• Contribute to the successful execution of the AppSec strategy. 

• Communicate and collaborate effectively with wider tech teams to solve complex issues and guide remediation efforts. 

• Research security trends about both secure architecture and secure coding to continuously improve security practices in the organization. 
  

Who you are:

• An expert in Kubernetes security. 

• Experience with multiple programming languages such as Java, JavaScript, C#, Python, PHP or similar. 

• Strong understanding of software architecture and deployment strategies such as A/B testing, canary, blue green, amongst others. 

• In-depth knowledge of Cloud Security, particularly in CIS Amazon Elastic, Kubernetes Service (EKS), AWS Well-Architected Framework, Cloud Controls Matrix (CCM) 

• Knowledge of secure coding and defensive programming techniques. 

• Proficiency in offensive and defensive security technologies. 

• A deep understanding of software development practices and cloud environments, able to understand and build credibility with highly technical teams (e.g. IT, Engineers, Product, DevSecOps). 

•  Strong analytical and problem-solving skills.  

• Ability to mentor and coach peers and colleagues.  

• Adaptability to the continuous evolution of the Kubernetes ecosystem and security landscape.  

• Able to lead and collaborate with other cross-functional teams. 
  

What you’ll bring:

• Deep understanding of secure network infrastructure, secure architecture and secure coding. 

• Extensive experience securing Kubernetes infrastructure. 

• Expertise in cryptography to manage the encryption at rest and in transit on complex systems. 

• Experience in a technology and software engineering-led organizations, working with Agile methodologies is desirable. 

• Awareness of applicable laws, regulations and standards including Data Protection Laws, SOX, ISO 27001, SOC 2 and NIST. 
   

What’s in it for you? 

As well as a competitive salary and annual leave allowance, our benefits include health insurance, skills training and much more, depending on the location. We also offer a host of softer benefits, including many social events throughout the year such as summer and winter holiday parties, monthly team building events, sports tournaments, charity days and wellbeing activities.  

The salary for this role is based on an annualized range of $165,000 - $185,000. This role will also be eligible to take part in Genius Sports Group's benefits plan. 
 

How we work 

Genius will be returning to the office 4 days a week, and this will give you the opportunity to work collaboratively face-to-face with colleagues in our NYC office.

Our employees are empowered to stretch the boundaries of what’s achievable, always reaching further and pushing the edges to see what gives. We collaborate, we innovate, and we celebrate. We will continue to grow as an organization and continue to invest in our highly talented and diverse team.

Genius Sports Group is proud to be an equal opportunities employer. We recognize and celebrate the benefits that a diverse and inclusive workforce bring to our business, our customers and our staff. We welcome and will consider all applications regardless of age, different abilities or disability, gender re-assignment, marriage, pregnancy, maternity, race or nationality, religion or belief, sex and sexual orientation (and any other applicable status). Please let us know when you apply if you need any assistance during the recruiting process due to a disability.