Application Security Engineer

The NFL Information Security Office is seeking an Application Security Engineer who can positively impact the security of the NFL’s Media division. This person will be expected to weigh in on all areas that impact the Confidentiality, Integrity and Availability of the NFL Information Assets, including but not limited to: application architecture, code, SDLC, policies, network architecture and operations. Your role will be to balance the strategic and operational aspects of Security with the needs of a fast-paced digital business model.


  • Ensure application software, databases and infrastructure are architected, designed and operated to uphold Application Security policies and best practices
  • Partner with Architects to plan application/infrastructure security road map and governance plans
  • Provide input and visibility into emerging application security technologies, deployment strategies and other security protocols to ensure awareness and compliance within the organization
  • Identify security requirements and improvements within the system development life cycle (SDLC) and change management processes
  • Perform quality assurance review of application security documentation developed by other members of the team to ensure that application security was properly addressed
  • Review planned application changes and assess security impact
  • Perform risk and vulnerability assessments needed to identify potential security risks
  • Develop risk mitigation plans
  • Review Security controls for third party application development
  • Provide crisis leadership during a security threat or breach
  • Create and / or approve security documentation for projects and support
  • Support compliance and audit-related initiatives if/as required


  • Bachelor’s degree in Computer Science, Engineering, Mathematics, or a related discipline
  • 5 – 7 years of IT experience, of which 3 – 5 years are in a security-related discipline
  • One of the following certifications or equivalent experience:
      • Certified Information Systems Security Professional (CISSP)
      • Certified Secure Software Lifecycle Professional (CSSLP)
      • GIAC Secure Software Programmer (GSSP) preferred
  • Experience performing application threat modeling, penetration testing, security testing and code reviews
  • Experience with static and dynamic code testing methodologies
  • Proven experience with many of the tools listed including but not limited to the following: Windows, Linux, Unix, VMware, iOS, Android, Oracle, SQL Server, Domino, Cold Fusion, C, C++, C#, Objective C, Swift, Java, Apache Web Server, HTML, AJAX, Perl Scripting, Python
  • Familiarity with Rugged DevOps best practices
  • Proficient knowledge and in-depth understanding of how business and technical processes integrate
  • Solid knowledge and experience with Open Web Application Security (OWASP) Top 10
  • Experience with PCI, HIPAA and PII related regulatory requirements
  • Communication and Documentation skills

Certificates, training, and/or licenses:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • GIAC Secure Software Programmer (GSSP) preferred
