• Application Security Manager

    Job Locations US-NY-New York
    Requisition ID
    18-8829
    Division
    Technology
    Functional Area
    Information Technology
  • Overview

    The Madison Square Garden Company (MSG) is a world leader in live sports and entertainment experiences. The company presents or hosts a broad array of premier events in its diverse collection of iconic venues: New York’s Madison Square Garden, The Theater at Madison Square Garden, Radio City Music Hall and Beacon Theatre; the Forum in Inglewood, CA; The Chicago Theatre; and the Wang Theatre in Boston. Other MSG properties include legendary sports franchises: the New York Knicks (NBA), the New York Rangers (NHL) and the New York Liberty (WNBA); two development league teams -- the Westchester Knicks (NBAGL) and the Hartford Wolf Pack (AHL); and one of the leading North American esports organizations, Counter Logic Gaming. In addition, the Company features popular original entertainment productions -- the Christmas Spectacular and New York Spectacular -- both starring the Radio City Rockettes, and through Boston Calling Events, produces outdoor festivals, including New England’s preeminent Boston Calling Music Festival. Also under the MSG umbrella is TAO Group, a world-class hospitality group with globally-recognized entertainment dining and nightlife brands: Tao, Marquee, Lavo, Avenue, The Stanton Social, Beauty & Essex and Vandal. More information is available at www.themadisonsquaregardencompany.com.

    EEO Statement

    At MSG we value diversity and are looking for extraordinary employees of all backgrounds! MSG is an Equal Opportunity Employer and provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, citizenship, age, genetic information, disability, or veteran status. In addition to federal law requirements, MSG complies with all applicable state and local laws governing nondiscrimination in all locations.

    Responsibilities

    Position Summary: 

    As an Application Security Manager, you will be responsible for ensuring all our applications and software meet industry security best practices (OWASP Top 10), while also allowing MSG to provide top-notch services and products to our customers (both internal and external). In this role you will be critical in bridging the gap between MSG’s customer facing programs and marketing tools and its security philosophy, to prevent any potential security threats or events from affecting our most important asset, our guests. 

     

    Main Duties / Functions: You will

    • Be a Security Evangelist who translates security concepts for developers. 
    • Improve and support application security tool deployments and developing standards
    • Liaise between MSG Technology’s security team and our business users who are interacting with our clients through our applications
    • Own roadmap development and delivery providing program reviews and analysis for the roadmap development to implementation
    • Utilize standard testing methodologies on our applications.
    • Partner with 3rd parties to provide penetration testing services to deliver faster results
    • Work with the Software Engineers, Product Management, and related teams to scope, plan and execute application-level security testing
    • Mentor and support the developers on how to write good security unit tests and promote good security testing frameworks
    • Guide and influence application security programs
    • Regularly perform security assessments and analysis
    • Complete application security design reviews and prioritize all security issues you find
    • Own the roadmap development and delivery of projects
    • Present penetration testing findings to related teams and provide measurable paths to resolution
    • Deploy programs according to a project management methodology using Agile principles 
    • Work closely with MSG Technology Development teams and teach them about security threats and potential incidents/events
    • Stay abreast of the latest information security controls, practices, techniques and capabilities in the marketplace
    • Lead internal skills development activities for our teams on the topic of application security and mentoring by conducting insight sharing sessions

    Qualifications

    Required Qualifications: To be successful you should  

    • Possess a minimum of 5 years of related experience working 
    • 3+ years of experience in application security and software engineering
    • CISSP, CSSLP, or OSCP or equivalent experience
    • Experienced with implementing an SSDLC (Secure Software Development Life Cycle) with DAST (Dynamic Application Security Testing), SAST (Static Analysis Security Testing) and NIST Cyber Security Framework
    • Have led and integrated a Bug Bounty program or love finding bugs and reporting on them
    • Possess a strong understanding of red-team assessments - dare we say it's a passion
    • Ability to investigate the impact of security problems
    • Comfortable working in scripting, permissions management
    • Programming experience with several mainstream languages, from .NET, React, R to C#, no language should be a challenge
    • Comfort with providing leadership to the team to determine budgetary requirements, maintenance, support, and growth of a maturing application security program
    • You are happy forging relationships with Development and DevOps teams
    • You pride yourself in influencing decision-making processes at all levels of a large organization
    • Enjoy describing vulnerabilities and weaknesses to many audiences, and implementing effective defensive techniques
    • Experienced in, and appreciate, working with others and sharing knowledge
    • You are metric focused and want to help teams measure the right thing to ensure their success
    • You have an advanced knowledge of programming languages, database design and infrastructure
    • Ability to interact with the security community regarding security vulnerabilities and potential threats 

     

    Education

    Candidates who have completed 60 credits of college-level coursework (representing 2 years), or have shown similar self-development through certifications, trade school coursework, etc. are preferred. 
