Founded in 1917, the National Hockey League (NHL®) is the premier professional ice hockey league in the world, and is one of the major professional sports leagues in the United States and Canada. With more than 600 employees across offices in New York, Toronto and Montreal, the NHL is a global sports and entertainment organization committed to building healthy and vibrant communities using the sport of hockey to celebrate fans of every race, color, religion, national origin, gender identity, age, sexual orientation, and socio-economic status. At the NHL, we are looking for dynamic, energetic and impactful individuals who are committed to doing the same by sharing in our philosophy that Hockey is for Everyone – and inclusion belongs on the ice, in the locker rooms, boardrooms and stands.

Benefits to working at National Hockey League include:

  • Medical/ Dental/ Vision insurance effective on the date of hire

  • 401(K) Plan and Defined Contribution Pension Plan

  • Annual Bonus

  • Generous PTO policy

  • Commuter Benefit Program

  • Paid Company Holidays

OVERVIEW & ESSENTIAL DUTIES The NHL Information Security team is looking for a diligent and motivated Information Security Analyst with a focus on application development and cloud native security. This position will contribute to the league’s comprehensive cybersecurity program with an emphasis on the development lifecycle, data management, and supporting technologies.

This role will:

  • Learn and understand the evolving development processes and architectures for a wide variety of on-premise and cloud-based applications and systems

  • Work with the various business and technology teams to assist with integrating information security practices and requirements at the beginning of their development process

  • Assess and report upon the application and infrastructure threat landscape through architecture reviews, cyber threat intelligence, and vulnerability assessments

  • Help with monitoring systems and logs for security breaches and investigating anomalies when they occur

  • Assist with security code reviews for a variety of languages as well as frameworks for cloud and mobile applications

  • Perform security reviews of third party software, development modules, libraries, and supply chain components

  • Participate in and evaluate penetration tests against applications and infrastructure

  • Contribute to our continuous improvement of incident response and vulnerability management

  • Assist development and operations teams with vulnerability analysis and remediation

  • Provide information security knowledge and outreach to development and operations teams

  • Document and report on issues identified during security reviews and assessments


The ideal candidate will have:

  • Proficiency with development and information security best practices

  • Knowledge of Windows and Linux system administration, network security, and operating system hardening

  • Experience with AWS application and service administration including compliance and security controls

  • Understanding of agile, CI/CD pipelines, and DevSecOps in a public and private cloud environment

  • Experience with developing, debugging, and evaluating operations of scripting languages such as Python, Bash, and PowerShell

  • Familiarity with Identity and Access Management (IAM) and supporting platforms such as Azure Active Directory and Okta

  • Awareness of common information and cybersecurity management frameworks, such as ISO 27001, ITIL, CIS, and NIST CSFa plus

  • Strong critical thinking, deductive reasoning, prioritization, and problem-solving skills

When applying, please be sure to include a cover letter with your salary expectations for this role. We thank all applicants for their interest in this opportunity, however only qualified candidates selected for an interview will be contacted. NO EMAILS OR PHONE CALLS PLEASE. We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, sexual orientation, age, disability, gender identity, marital or veteran status, or any other protected class.