Major League Baseball (MLB)

Senior Manager, Defensive Security

On site

New York, United States

$175,000/year

Senior

Full Time

04-12-2025

Skills

Leadership, Python, Java, Go, Bash, GraphQL, Incident Response, Encryption, Cloud Security, GitHub, CI/CD, DevOps, Kubernetes, Monitoring, Decision-making, Architecture, Security Architecture, Azure, node.js, AWS, Software Development, SDLC, GCP, CI/CD Pipelines, Terraform, Microservices, GitHub Actions

Job Specifications

As the Senior Manager of Defensive Security, you will be instrumental in Major League Baseball’s effort to embed security into our product design and software delivery lifecycle.

You’ll lead the integration of anti-bot, anti-fraud, API, and application security tooling, and automate security controls across our CI/CD pipelines—ensuring our web and mobile platforms remain resilient and trusted by millions of fans and employees alike.

Your work will defend the league’s digital assets from emerging threats, ensuring every pitch, stream, and stat is delivered securely to fans around the world. You will also define MLB’s next-generation defensive strategy, including security for agentic AI, MCP infrastructure, and autonomous system-to-system interactions.

Responsibilities

Security Engineering & Automation

Design and implement scalable defensive security controls within CI/CD pipelines, infrastructure-as-code, and cloud-native environments
Lead integration of anti-bot, anti-fraud, API security, and application security tools across MLB's digital platforms
Improve our security architecture by partnering with DevOps, SRE, Product & Software Engineering teams to embed security early in the software development lifecycle (Shift Left)

Threat Defense & Incident Readiness

Oversee detection engineering efforts to improve visibility, reduce dwell time, and create actionable security alerts and response automations
Partner with the Security Operations and Offensive Security teams to mature incident response playbooks, adversary emulation, and purple team exercises
Evaluate threats, vulnerabilities, and attack techniques to ensure proactive defense postures (MITRE ATT&CK, D3FEND-aligned)
Take part in the on-call rotation for high-severity incident escalations, particularly during high-profile events such as major game days, ticket launches, or partner broadcasts

Vulnerability & Exposure Management

Lead vulnerability management activities, ensuring timely identification, triage, and remediation of security findings across infrastructure, applications, and APIs
Collaborate with product, IT, and infrastructure teams to prioritize risk-based remediation efforts and report on exposure trends
Pilot and integrate agentic AI platforms capable of real-time contextual decision-making (e.g., alert triage, threat hunting, VRM automation) to reduce mean time to respond (MTTR) and analyst fatigue

Secure Architecture & Application Hardening

Develop and enforce secure design patterns for web, mobile, and API platforms, emphasizing resiliency against modern attack vectors
Partner with developers and product teams to conduct architectural threat modeling and review high-impact features or deployments
Champion best practices in authentication, session management, data protection, and secure SDLC
Define and enforce cloud security architecture standards across AWS, Azure, and GCP, incorporating best practices for workload isolation, IAM, encryption, and control plane monitoring

Leadership & Collaboration

Mentor and develop a growing team of defensive security engineers and analysts; foster a high-performance, innovation-focused culture
Track and report key performance indicators (KPIs) and defensive maturity metrics to security leadership and executive stakeholders
Serve as a key security stakeholder across Engineering, IT, Product, Legal, and third-party vendors
Develop and maintain operational security playbooks, peer-review standards, and change-control procedures. Act as the primary Defensive Security stakeholder in security governance, risk assessments, and change-advisory board processes

Qualifications & Skills

Bachelor’s or Master’s degree in Computer Science, Software Engineering, or Cybersecurity
4+ years of experience in Dev(Sec)Ops, software engineering, security engineering or a related role
Relevant certifications from recognized organizations such as (ISC)², GIAC (SANS), CompTIA, OffSec, ISACA, Security Blue Team, or cloud providers (AWS, Azure, GCP) are a strong plus
Experience implementing and managing security tooling in one or more areas: WAF, bot mitigation, RASP, EDR, SIEM, CSPM, SAST/DAST, or API security platforms is required
Proficiency in one or more languages such as Python, Go, or Bash for automating security controls and CI/CD workflows is required. Experience with formal SSDLC frameworks (e.g., OWASP SAMM) is a plus
Experience securing backend APIs (REST, GraphQL, MCP) developed in languages like Node.js, Java, Python or Go is a plus
Deep understanding of modern application architectures (cloud-native, microservices, APIs) and their security implications is required
Solid experience with DevOps platforms and IaC (Kubernetes, Terraform, GitHub Actions, etc.) is required
Capable of independently driving mission-critical initiatives to completion with accuracy and care, exercising sound judgment and discretion in the handling of sensitive or confidential information
Strong written and oral communications skills. A

About the Company

Major League Baseball (MLB) is the most historic professional sports league in the United States and consists of 30 member clubs in the U.S. and Canada, representing the highest level of professional baseball. Led by Commissioner Robert D. Manfred, Jr., MLB remains committed to making an impact in the communities of the U.S., Canada and throughout the world, perpetuating the sport's larger role in society and permeating every facet of baseball's business, marketing, community relations and social responsibility endeavors. ML...