Platform Security Engineer (DevOps) - NBC Sports Next - job 5 of 6

We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our theme parks and consumer experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, MSNBC, CNBC, NBC Sports, Telemundo, NBC Local Stations, Bravo, USA Network, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through Universal Filmed Entertainment Group and Universal Studio Group, and have world-renowned theme parks and attractions through Universal Destinations & Experiences. NBCUniversal is a subsidiary of Comcast Corporation.

Comcast NBCUniversal has announced its intent to create a new publicly traded company ('SpinCo') comprised of most of NBCUniversal's cable television networks, including USA Network, CNBC, MSNBC, Oxygen, E!, SYFY and Golf Channel along with complementary digital assets Fandango, Rotten Tomatoes, GolfNow, GolfPass, and SportsEngine. The well-capitalized company will have significant scale as a pure-play set of assets anchored by leading news, sports and entertainment content. The spin-off is expected to be completed during 2025.

As a company uniquely positioned to educate, entertain and empower through our platforms, Comcast NBCUniversal stands for including everyone. Our Diversity, Equity and Inclusion initiatives, coupled with our Corporate Social Responsibility work, is informed by our employees, audiences, park guests and the communities in which we live. We strive to foster a diverse, equitable and inclusive culture where our employees feel supported, embraced and heard. Together, we'll continue to create and deliver content that reflects the current and ever-changing face of the world.

NBC Sports Next is where sports and technology intersect. We’re fueled by our mission to innovate, create larger-than-life events and connect with sports fans through technology. We’re a subdivision of NBC Sports and home to leading technology platforms and digital applications for Youth & Recreational Sports; Golf; and Emerging Media.   

At NBC Sports Next, we equip more than 30MM players, coaches, athletes, sports administrators and fans in 40 countries with more than 25 sports solution products, including SportsEngine, the largest youth sports club, league and team management platform; SportsEngine Play, the first ever streaming service for youth and amateur sports, GolfNow, the leading online tee time marketplace and provider of golf course operations technology; and GolfPass the ultimate golf membership that connects golfers to exclusive content, tee time credits, instructional content and more.   

As a Platform Security Engineer, you’ll play a pivotal role in securing our engineering ecosystem by developing capabilities, services, and automation that balance speed, scalability, and compliance. You’ll lead the DevSecOps roadmap, shaping the future of secure cloud infrastructure and enabling teams to innovate with confidence. This hands-on role emphasizes AWS security, CI/CD security, and security automation, empowering our teams to deliver secure software at scale and quickly remediate issues if they arise. If you’re passionate about building scalable, secure cloud solutions and driving security excellence, we want to talk to you! This role is remote and may require some travel.

Job Description

• Lead Security Efforts on the Platform: Drive and deliver security solutions across AWS cloud, container security (ECS/Kubernetes), CICD, and secure cloud-native architectures while ensuring compliance with standards such as PCI-DSS, ISO27001, SOC 2, NIST 800-53, and COPPA.
• Enhance Secure CI/CD: Build and enhance security related platform capabilities, involving CI/CD pipelines, infrastructure, reusable templates, and automation, enabling teams to deploy rapidly and securely at scale.
• Standardize Secure Patterns: Design and implement reusable patterns that promote security best practices and compliance across all engineering teams.
• Advance Secure Software Delivery: Promote secure delivery practices by embedding security in the build and design phases, emphasizing fast feedback, observability, and operational excellence.
• Collaborate Cross-Functionally: Work closely with SecOps, platform teams, and engineering teams, fostering knowledge sharing and ensuring alignment on security goals and solutions.
• Strengthen Security Posture: Assess and improve existing security standards, practices, and controls to reduce vulnerabilities and enhance the organization’s security posture.
• Drive Compliance Automation: Develop automation strategies to enforce regulatory controls and ensure continuous compliance with industry standards.
• Support Incident Response: Collaborate on incident monitoring and response, conduct Root Cause Analysis, and recommend measures for future mitigation.
  Leverage Key Tools and Skills: Utilize AWS cloud knowledge, Terraform, and Python to develop secure solutions that balance security objectives with developer productivity and business goals.
• Communicate Effectively: Deliver clear security updates, document solutions thoroughly, demo and communicate effectively with diverse stakeholders, including engineering teams and executive leadership.

Required Experience:

• AWS Expertise: 2+ years of hands-on experience with AWS, with a strong focus on IAM best practices and securing common AWS resources (e.g., EC2, S3, RDS) in production public facing environments.
• Linux Proficiency: Minimum of 4 years of experience managing and securing Linux systems.
• Security Automation & Tooling: 2+ years of experience implementing security automation and integrating security tooling (e.g., SEIM, SAST/DAST, WIZ/ORCA, or other).
• Automation/Scripting: 2+ years of experience with Python for automation and scripting in a security/DevSecOps context. 
• Git and GitOps: Practical experience and comfortable using Git and automated workflows for developing code securely.
• Web Security Knowledge: Familiarity with web security best practices, including DNS, firewalls, secure APIs, and database security (e.g., PostgreSQL, MySQL).
• Cloud Security: Proven ability to secure cloud environments, including implementing and managing security controls, auditing, and monitoring.
• Communication & Collaboration: Exceptional written and verbal communication skills with the ability to explain complex security concepts to technical and non-technical audiences.
• Track Record of Solutions: Demonstrated ability to identify and address security challenges, delivering effective solutions through collaboration and leadership.

Preferred Qualifications:

• Regulated Environments: Experience working in environments with complex compliance requirements (e.g., PCI-DSS, SOC 2, ISO27001).
• AWS Certifications: Relevant certifications such as AWS Certified Security – Specialty or AWS Certified Solutions Architect.
• Web Security & Threat Detection: Hands-on experience with WAFs (e.g., AWS WAF, Cloudflare) and centralized logging stacks (e.g., Splunk, Kibana).
• DevSecOps Expertise: Strong understanding of secure CI/CD practices and integrating compliance objectives into pipelines.
• Infrastructure as Code (IaC): Experience with Terraform or CloudFormation for managing secure infrastructure.
• Security Mentorship: Proven ability to mentor engineers and share security knowledge effectively.

Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee’s residence.

As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision. NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law.

If you are a qualified individual with a disability or a disabled veteran and require support throughout the application and/or recruitment process as a result of your disability, you have the right to request a reasonable accommodation. You can submit your request to [email protected].

For LA County and City Residents Only:  NBCUniversal will consider for employment
qualified applicants with criminal histories, or arrest or conviction records, in a manner
consistent with relevant legal requirements, including the City of Los Angeles' Fair Chance
Initiative For Hiring Ordinance, the Los Angeles' County Fair Chance Ordinance for Employers, and the California Fair Chance Act, where applicable.