Platform Security Engineer (DevOps) - NBC Sports Next

About the position

As a Platform Security Engineer, you’ll play a pivotal role in securing our engineering ecosystem by developing capabilities, services, and automation that balance speed, scalability, and compliance. You’ll lead the DevSecOps roadmap, shaping the future of secure cloud infrastructure and enabling teams to innovate with confidence. This hands-on role emphasizes AWS security, CI/CD security, and security automation, empowering our teams to deliver secure software at scale and quickly remediate issues if they arise. If you’re passionate about building scalable, secure cloud solutions and driving security excellence, we want to talk to you! This role is remote and may require some travel.

Responsibilities

• Drive and deliver security solutions across AWS cloud, container security (ECS/Kubernetes), CICD, and secure cloud-native architectures while ensuring compliance with standards such as PCI-DSS, ISO27001, SOC 2, NIST 800-53, and COPPA.
• Build and enhance security related platform capabilities, involving CI/CD pipelines, infrastructure, reusable templates, and automation, enabling teams to deploy rapidly and securely at scale.
• Design and implement reusable patterns that promote security best practices and compliance across all engineering teams.
• Promote secure delivery practices by embedding security in the build and design phases, emphasizing fast feedback, observability, and operational excellence.
• Work closely with SecOps, platform teams, and engineering teams, fostering knowledge sharing and ensuring alignment on security goals and solutions.
• Assess and improve existing security standards, practices, and controls to reduce vulnerabilities and enhance the organization’s security posture.
• Develop automation strategies to enforce regulatory controls and ensure continuous compliance with industry standards.
• Collaborate on incident monitoring and response, conduct Root Cause Analysis, and recommend measures for future mitigation.
• Utilize AWS cloud knowledge, Terraform, and Python to develop secure solutions that balance security objectives with developer productivity and business goals.
• Deliver clear security updates, document solutions thoroughly, demo and communicate effectively with diverse stakeholders, including engineering teams and executive leadership.

Requirements

• 2+ years of hands-on experience with AWS, with a strong focus on IAM best practices and securing common AWS resources (e.g., EC2, S3, RDS) in production public facing environments.
• Minimum of 4 years of experience managing and securing Linux systems.
• 2+ years of experience implementing security automation and integrating security tooling (e.g., SEIM, SAST/DAST, WIZ/ORCA, or other).
• 2+ years of experience with Python for automation and scripting in a security/DevSecOps context.
• Practical experience and comfortable using Git and automated workflows for developing code securely.
• Familiarity with web security best practices, including DNS, firewalls, secure APIs, and database security (e.g., PostgreSQL, MySQL).
• Proven ability to secure cloud environments, including implementing and managing security controls, auditing, and monitoring.
• Exceptional written and verbal communication skills with the ability to explain complex security concepts to technical and non-technical audiences.
• Demonstrated ability to identify and address security challenges, delivering effective solutions through collaboration and leadership.

Nice-to-haves

• Experience working in environments with complex compliance requirements (e.g., PCI-DSS, SOC 2, ISO27001).
• Relevant certifications such as AWS Certified Security – Specialty or AWS Certified Solutions Architect.
• Hands-on experience with WAFs (e.g., AWS WAF, Cloudflare) and centralized logging stacks (e.g., Splunk, Kibana).
• Strong understanding of secure CI/CD practices and integrating compliance objectives into pipelines.
• Experience with Terraform or CloudFormation for managing secure infrastructure.
• Proven ability to mentor engineers and share security knowledge effectively.