Senior Manager, Defensive Security

As the Senior Manager of Defensive Security, you will be instrumental in Major League Baseball’s effort to embed security into our product design and software delivery lifecycle.

You’ll lead the integration of anti-bot, anti-fraud, API, and application security tooling, and automate security controls across our CI/CD pipelines—ensuring our web and mobile platforms remain resilient and trusted by millions of fans and employees alike.

Your work will defend the league’s digital assets from emerging threats, ensuring every pitch, stream, and stat is delivered securely to fans around the world. You will also define MLB’s next-generation defensive strategy, including security for agentic AI, MCP infrastructure, and autonomous system-to-system interactions.

Responsibilities

Security Engineering & Automation

• Design and implement scalable defensive security controls within CI/CD pipelines, infrastructure-as-code, and cloud-native environments
• Lead integration of anti-bot, anti-fraud, API security, and application security tools across MLB's digital platforms
• Improve our security architecture by partnering with DevOps, SRE, Product & Software Engineering teams to embed security early in the software development lifecycle (Shift Left)

Threat Defense & Incident Readiness

• Oversee detection engineering efforts to improve visibility, reduce dwell time, and create actionable security alerts and response automations
• Partner with the Security Operations and Offensive Security teams to mature incident response playbooks, adversary emulation, and purple team exercises
• Evaluate threats, vulnerabilities, and attack techniques to ensure proactive defense postures (MITRE ATT&CK, D3FEND-aligned)
• Take part in the on-call rotation for high-severity incident escalations, particularly during high-profile events such as major game days, ticket launches, or partner broadcasts

Vulnerability & Exposure Management

• Lead vulnerability management activities, ensuring timely identification, triage, and remediation of security findings across infrastructure, applications, and APIs
• Collaborate with product, IT, and infrastructure teams to prioritize risk-based remediation efforts and report on exposure trends
• Pilot and integrate agentic AI platforms capable of real-time contextual decision-making (e.g., alert triage, threat hunting, VRM automation) to reduce mean time to respond (MTTR) and analyst fatigue

Secure Architecture & Application Hardening

• Develop and enforce secure design patterns for web, mobile, and API platforms, emphasizing resiliency against modern attack vectors
• Partner with developers and product teams to conduct architectural threat modeling and review high-impact features or deployments
• Champion best practices in authentication, session management, data protection, and secure SDLC
• Define and enforce cloud security architecture standards across AWS, Azure, and GCP, incorporating best practices for workload isolation, IAM, encryption, and control plane monitoring

Leadership & Collaboration

• Mentor and develop a growing team of defensive security engineers and analysts; foster a high-performance, innovation-focused culture
• Track and report key performance indicators (KPIs) and defensive maturity metrics to security leadership and executive stakeholders
• Serve as a key security stakeholder across Engineering, IT, Product, Legal, and third-party vendors
• Develop and maintain operational security playbooks, peer-review standards, and change-control procedures. Act as the primary Defensive Security stakeholder in security governance, risk assessments, and change-advisory board processes

Qualifications & Skills

• Bachelor’s or Master of Computer Science, Software Engineering, or Cybersecurity
• 4+ years of experience in Dev(Sec)Ops, software engineering, security engineering or a related role
• Relevant certifications from recognized organizations such as (ISC)², GIAC (SANS), CompTIA, OffSec, ISACA, Security Blue Team, or cloud providers (AWS, Azure, GCP) are a strong plus
• Experience implementing and managing security tooling in one or more areas: WAF, bot mitigation, RASP, EDR, SIEM, CSPM, SAST/DAST, or API security platforms is required
• Proficiency in one or more languages such as Python, Go, or Bash for automating security controls and CI/CD workflows is required. Experience with formal SSDLC frameworks (e.g., OWASP SAMM) is a plus
• Experience securing backend APIs (REST, GraphQL, MCP) developed in languages like Node.js, Java, Python or Go is a plus
• Deep understanding of modern application architectures (cloud-native, microservices, APIs) and their security implications is required
• Solid experience with DevOps platforms and IaC (Kubernetes, Terraform, GitHub Actions, etc.) is a plus
• Capable of independently driving mission-critical initiatives to completion with accuracy and care, exercising sound judgment and discretion in the handling of sensitive or confidential information
• Strong written and oral communications skills. Ability to explain technical concepts to audiences at different levels

Salary Range:$140,000- $175,000 (Base Salary) + Bonus

As a candidate for this position, your salary and related elements of compensation will be contingent upon your work experience, education, skills and any other factors Major League Baseball (MLB) considers relevant to the hiring decision. In addition to your salary, MLB believes in providing a competitive compensation and benefits package for its employees. 

Top MLB Perks & Benefits

• 100% Employer Paid Medical/Dental/Vision Premiums
• Company Contributed 401K Plan
• Paid Time Off and Holidays
• Paid Parental Leave
• Access to Free Tickets to Baseball Games & MLB.TV
• Discounts at MLB Store | MLBShop.com
• Employee Assistance Programs (EAP)
• Onsite/Online Training & Development Programs
• Tuition Reimbursement
• Disability Benefits (short term and long term)
• Life and Accidental Death Insurance
• Pet Insurance

Why MLB?

Major League Baseball (MLB) is the most historic of the major professional sports leagues in the United States and Canada. Employees love working at MLB because of the culture of growth, teamwork, and professionalism. Employees who are most successful at MLB take initiative, know how to identify problems and provide solutions, and always put the Team first. For those ready to step up to the plate and join the major leagues, MLB takes the same approach as teams do with their players: empowering our “workforce athletes” to be at their best by engineering experiences that put employees in the best position to succeed. Major League Baseball is looking for candidates who are passionate about growing America’s pastime to best serve its fans for decades to come.

MLB is proud to be an equal opportunity workplace.  We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.

California Residents: Please see our California Recruitment Privacy Policy for more details.

Colorado Residents: Colorado based applicants may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.

Applicants requiring a reasonable accommodation for any part of the application and hiring process, please email us at [email protected]. Requests received for non-disability related issues, such as following up on an application, will not receive a response.

Are you ready to Step Up to the Plate? Apply below!