Security Application Engineer III

About SIDEARM Sports

The team at SIDEARM provides the technology platform that powers the official websites, mobile apps, statistical integration, live audio and video streaming, and e-commerce platforms of more than 1,600 collegiate athletic partners across the nation.

We’re a passionate mix of technologists, creatives, and strategists that care deeply about the products we create, and the people we create them for. We stand at the intersection of sports and technology, and are constantly innovating and evolving our products to deeply integrate the industries and provide exceptional products for our partners and their fans. Our team embraces a casual and collaborative work environment that moves at a rapid pace, where all team members are deeply involved in the success of our products and services.

We’re fortunate enough to be trusted by some of the biggest brands in the industry, including 300 NCAA Division I programs, and over 55 of the 65 Power 5 athletic departments. We are proud that the work we do is experienced by millions of sports fans each year.

Job Summary:

As a Security Application Engineer III, you will be responsible for securing our web and mobile applications, identifying vulnerabilities, and implementing robust security measures. You will collaborate with development, operations, and product teams to integrate security best practices throughout the software development lifecycle. The ideal candidate has a strong background in application security, a keen eye for detail, and a passion for safeguarding user data.

Key Responsibilities:

• Conduct security assessments and vulnerability testing of web and mobile applications.
• Collaborate with development teams to integrate security best practices and principles throughout the software development lifecycle.
• Identify, analyze, and mitigate security vulnerabilities and threats.
• Develop and implement security tools, processes, and technologies to enhance application security.
• Conduct code reviews and provide guidance to developers on secure coding practices.
• Stay up-to-date with the latest security trends, vulnerabilities, and threats.
• Respond to security incidents and perform root cause analysis.
• Develop and maintain security documentation, including policies, procedures, and guidelines.
• Educate and train staff on security best practices and emerging threats.

Qualifications:

• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
• At least 4+ years experience in application security, including web and mobile application security.
• Proficiency in security testing tools and methodologies (e.g., OWASP ZAP, Burp Suite, static and dynamic analysis tools).
• Strong understanding of secure coding practices and principles.
• Experience with common security frameworks and standards (e.g., SOC2, OWASP, NIST, ISO/IEC 27001).
• Knowledge of authentication and authorization protocols (e.g., OAuth, JWT, SAML).
• Familiarity with cloud security best practices (e.g., AWS, Azure, Google Cloud).
• Excellent problem-solving skills and attention to detail.
• Strong communication and collaboration skills.
• Passion for sports and an understanding of the sports industry.

Preferred Qualifications:

• Relevant security certifications (e.g., CISSP, CEH, OSCP).
• Experience with DevSecOps practices and tools.
• Knowledge of network security and endpoint security.
• Experience with incident response and forensic analysis.

Pay Transparency

The approximate base pay range for this position is $105,000 to $115,000. Please note that the pay range provided is a good faith estimate for the position at the time of posting. Individuals may also be eligible for an annual discretionary bonus and/or sales compensation. Actual compensation may vary based on factors including but not limited to job-related knowledge, skills, and experience as well as geographic location.