Founded in 1917, the National Hockey League (NHL®) is the premier professional ice hockey league in the world, and is one of the major professional sports leagues in the United States and Canada. With more than 600 employees across offices in New York, Toronto and Montreal, the NHL is a global sports and entertainment organization committed to building healthy and vibrant communities using the sport of hockey to celebrate fans of every race, color, religion, national origin, gender identity, age, sexual orientation, and socio-economic status. At the NHL, we are looking for dynamic, energetic and impactful individuals who are committed to doing the same by sharing in our philosophy that Hockey is for Everyone – and inclusion belongs on the ice, in the locker rooms, boardrooms and stands.
Benefits to working at National Hockey League include:
Medical/ Dental/ Vision insurance effective on the date of hire
401(K) Plan and Defined Contribution Pension Plan
Annual Bonus
Generous PTO policy
Commuter Benefit Program
Paid Company Holidays
OVERVIEW & ESSENTIAL DUTIES The NHL Information Security team is looking for a diligent and motivated Information Security Analyst with a focus on application development and cloud native security. This position will contribute to the league’s comprehensive cybersecurity program with an emphasis on the development lifecycle, data management, and supporting technologies.
This role will:
Learn and understand the evolving development processes and architectures for a wide variety of on-premise and cloud-based applications and systems
Work with the various business and technology teams to assist with integrating information security practices and requirements at the beginning of their development process
Assess and report upon the application and infrastructure threat landscape through architecture reviews, cyber threat intelligence, and vulnerability assessments
Help with monitoring systems and logs for security breaches and investigating anomalies when they occur
Assist with security code reviews for a variety of languages as well as frameworks for cloud and mobile applications
Perform security reviews of third party software, development modules, libraries, and supply chain components
Participate in and evaluate penetration tests against applications and infrastructure
Contribute to our continuous improvement of incident response and vulnerability management
Assist development and operations teams with vulnerability analysis and remediation
Provide information security knowledge and outreach to development and operations teams
Document and report on issues identified during security reviews and assessments
QUALIFICATIONS
The ideal candidate will have:
Proficiency with development and information security best practices
Knowledge of Windows and Linux system administration, network security, and operating system hardening
Experience with AWS application and service administration including compliance and security controls
Understanding of agile, CI/CD pipelines, and DevSecOps in a public and private cloud environment
Experience with developing, debugging, and evaluating operations of scripting languages such as Python, Bash, and PowerShell
Familiarity with Identity and Access Management (IAM) and supporting platforms such as Azure Active Directory and Okta
Awareness of common information and cybersecurity management frameworks, such as ISO 27001, ITIL, CIS, and NIST CSFa plus
Strong critical thinking, deductive reasoning, prioritization, and problem-solving skills
When applying, please be sure to include a cover letter with your salary expectations for this role. We thank all applicants for their interest in this opportunity, however only qualified candidates selected for an interview will be contacted. NO EMAILS OR PHONE CALLS PLEASE. We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, sexual orientation, age, disability, gender identity, marital or veteran status, or any other protected class.
