Security Architect

Security Architect at Fanatics

The Security Architect reports to the Sr. Director of Cybersecurity of Fanatics Collectibles and is responsible for assessing Cyber risks to our technology and in building and maturing the Fanatics Collectibles’ Enterprise Security program. This role will directly reduce cybersecurity risk across enterprise security platforms. The Security Architect is also responsible for configuring, enforcing, and assisting with cloud migrations and M&A integrations, working closely with existing cybersecurity and infrastructure teams to reduce cybersecurity risks across our evolving technology landscape.

Duties And Responsibilities

• Develops an understanding of Fanatic Collectibles’ current and forward-looking threat profile using requirements to improve the Information Security Program.
• Builds out security tooling for Identity and SaaS based solutions.
• Takes ownership of cloud security infrastructure buildouts and expansions.
• Drives consolidation and integration efforts to maximize security.
• Works closely with infrastructure team to integrate Okta / IAM into new and existing domain-related projects to enhance access control and security.
• Protects valuable information and maintains the confidentiality and integrity of data through knowledge of security management, network & protocols, data and application security solutions, and industry trends and current and emerging risks.
• Develops and enforces hardening standards for Windows, Mac, and Linux servers and workstations.
• Partners with the infrastructure team to determine secure configuration for new domain related projects.
• Strong command of Cybersecurity organization practices, operations risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies.
• Acts as a Cybersecurity expert, keeping technical skills current and participating in multiple security forums and communities.
• Ability to identify indicators of compromise, network attacks and systemic security issues as they relate to threats and vulnerabilities, with focus on recommendations for enhancements or remediation.
• Partners with IT and the Business to ensure Fanatics Collectibles maintains appropriate disaster recovery (DR) and Business Continuity Plans which address Information Security requirements.
• Provides expertise, guidance and advice related to all information security issues.

Education and Certifications

Bachelor’s degree in Information Security, Computer Science, Information Management Systems, or related field required. Master’s degree preferred.

Must have one of the following certifications:

• (ISC)² CISSP
• (ISC)² CCSP
• GIAC Defensible Security Architecture (GDSA)
• GIAC Cloud Security Automation (GCSA)
• GIAC Public Cloud Security (GPCS)
• AWS Certified Security – Specialty
• Microsoft Certified: Azure Security Engineer Associate (AZ‑500)
• Google Professional Cloud Security Engineer

Nice to have one of the following certifications:

• GIAC Defending Advanced Threats (GDAT)
• GIAC Cloud Security Essentials (GCLD)
• Certified Kubernetes Security Specialist (CKS)
• Okta Certified Administrator or Okta Certified Professional
• Microsoft Identity and Access Administrator (SC‑300)
• ISACA CISM
• SABSA Foundation (SCF) or TOGAF Foundation
• GIAC Penetration Tester (GPEN) or Offensive Security Certified Professional (OSCP)

Required Skills

• 10+ years of progressive Information Security experience, with at least 3 years in a security architect role.
• Expertise in Information Security best practices and implementing Information Security Architectures.
• Experience leveraging the MITRE ATT&CK framework and threat modeling frameworks.
• Detailed knowledge of global cyber threats, threat actors, and TTPs used by adversaries.
• Expert experience with Active Directory security and configuration.
• Experience in integrating Okta with directory services (LDAP, AD) and understanding of federation concepts and technologies.
• Solid understanding of IAM related protocols such as SAML, SPML, XACML, SCIM, OpenID, and OAuth.
• In-depth knowledge of CIS benchmarks and hardening guides.
• Impeccable presentation and communication skills.
• Clear experience & success negotiating competing demands across stakeholder groups.
• Ability to work collaboratively in teams and develop meaningful relationships.
• Global experience preferred.

Key skills/competency

• Cybersecurity
• Risk Management
• Cloud Security
• IAM (Identity and Access Management)
• Security Architecture
• MITRE ATT&CK
• Threat Modeling
• Active Directory
• Okta
• Data Protection