Senior Security Engineer
Majorleaguebaseball · Remote, USA · Posted Jun 3, 2026
Apply on company site Track it in JobSkout
As a Senior Security Engineer, Development Security Operations, you will help build the security engineering layer behind MLB’s application delivery and cloud infrastructure. The work spans applications, APIs, cloud platforms, infrastructure-as-code, CI/CD pipelines, and the Agentic SDLC.
You will write automation, integrate security tools, and turn security requirements into controls that engineering teams can use in their normal delivery workflows. The role is focused on reducing preventable security issues, improving how findings are detected and routed, and cutting down repetitive remediation work across revenue-critical applications and fan-facing systems.
Responsibilities
We are looking for a hands-on security engineer who can write code, integrate tools, automate workflows, and turn security requirements into implemented solutions.
The person in this role should be comfortable using AI-assisted workflows to make security review, prioritization, remediation, and operations faster and more reliable, while keeping engineering ownership, approval, and auditability intact.
Application Account Security
Support anti-bot, anti-fraud, account-abuse, and application-abuse prevention through application telemetry integration, automation, and coordination with edge/platform teams
Build and deploy application and API security controls as code, including HAProxy configuration, WAF and bot-management rules, rate limits, routing controls, and related edge/platform security policy through version-controlled IaC and CI/CD workflows
CI/CD Security Software Supply Chain
Collaborate with development and infrastructure teams to integrate security into CI/CD pipelines
Build and improve security controls across CI/CD pipelines, source code platforms, artifact repositories, and deployment workflows
Integrate security testing such as code scanning, secrets scanning, dependency scanning, container scanning, and infrastructure-as-code scanning into developer workflows
Help define findings severity levels, ownership, exception handling, and remediation routing models
Partner with engineering and security teams to reduce remediation noise and improve secure delivery practices
Infrastructure and Cloud Platform Security Guardrails
Build policy-as-code and security guardrails for cloud, infrastructure-as-code, Kubernetes, and platform delivery workflows
Help prevent common risks such as public exposure, overly permissive access, weak logging, insecure storage, missing encryption, and unsafe secrets handling
Create reusable security patterns, remediation guidance, and developer-friendly feedback for infrastructure and platform teams
Partner with cloud and platform teams to improve baseline security across prioritized environments
AI-Assisted Security Engineering and Innovation
Identify practical opportunities to use AI-assisted workflows across security review, remediation, prioritization, and operational analysis
Evaluate and integrate AI-enabled development and security tools where they improve quality, speed, or consistency
Build governed AI-assisted workflows that preserve human approval, auditability, secure data handling, and engineering ownership
Help define responsible AI usage patterns for DevSecOps and security engineering workflows
Collaboration and Operational Support
Partner with Product, Development, Cloud Platform, and Security teams to embed security earlier in engineering workflows
Drive adoption of secure engineering practices through practical guidance, reusable patterns, and developer-friendly tooling
Support threat modeling and security reviews, and provide practical guidance for prioritized applications and platforms
Participate in an on-call rotation to respond to escalated security issues and high-risk operational events
Qualifications Skills
Bachelor’s or Master’s degree in Computer Science, Software Engineering, Cybersecurity, or equivalent practical experience
4+ years of experience in DevSecOps, software engineering, security engineering, cloud security, infrastructure security, or a related role
Proficiency in one or more programming languages such as Java, Go, Python, or similar, with experience building automation, integrations, or production tooling
Experience with REST and/or GraphQL APIs, including testing, debugging, and building integrations
Hands-on experience with DevOps and infrastructure automation tools including Kubernetes, Terraform, GitHub Actions, or similar platforms
Experience integrating security controls into development, CI/CD, infrastructure, or cloud workflows
Experience with cloud security concepts and controls, with Google Cloud Platform (GCP) as the primary cloud environment. Familiarity with AWS, OCI, Azure, or multi-cloud security patterns is preferred
Ability to execute tasks with high accuracy and thoroughness and maintain confidentiality when dealing with sensitive information
Strong written and verbal communications skills. Ability to …