ABOUT THE NATIONAL HOCKEY LEAGUE
Founded in 1917, the National Hockey League (NHL®) is the premier professional ice hockey league in the world and is one of the major professional sports leagues in the United States and Canada.
With more than 1500 employees across the US and Canada, the NHL is a global sports and entertainment organization committed to building healthy and vibrant communities using the sport of hockey. At the NHL, we are looking for dynamic, energetic and impactful individuals who are committed to doing the same by sharing in our philosophy that Hockey is for Everyone.
WHAT WE EXPECT OF YOU
SUMMARY
The DevSecOps Engineer plays a pivotal role in integrating robust security practices throughout the Software Development Lifecycle (SDLC) and Infrastructure as Code (IaC) processes. This position partners closely with development, systems, and cloud operations teams to engineer and implement multi-layer cybersecurity solutions for both on-premise and cloud environments. By driving secure automation, managing CI/CD pipeline security, and ensuring compliance with leading frameworks such as NIST CSF, SOC 2, and GDPR, the DevSecOps Engineer helps safeguard the organization’s applications and infrastructure against evolving threats while fostering a culture of proactive security and continuous improvement.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Provide expertise and support to the development, systems, and cloud operations teams to integrate security seamlessly into the entire Software Development Lifecycle (SDLC) and Infrastructure as Code (IaC) processes
- Engineer and implement multi-layer cybersecurity solutions for on-premise and cloud environments. Integrate those solutions with existing automation and management processes and platforms
- Plan, develop, and manage CI/CD pipeline security testing, vulnerability scanning, configuration management, and supply chain security
- Perform and supervise security assessments, which includes penetration testing, vulnerability scans, and threat modeling for applications, APIs, and infrastructure. Coordinate with internal teams and external partners to remediate identified risks
- Evaluate, deploy, and manage advanced security tools and platforms, including static and dynamic code analysis tools, container security solutions, and cloud security posture management platforms, to enhance the security of applications and environments
- Ensure compliance with security frameworks and regulations such as NIST CSF, SOC 2, and GDPR by participating in security audits, risk assessments, and implementing necessary controls to address requirements
- Provide subject matter expertise and support to development and operations teams on secure coding practices, threat prevention, and compliance mandates. Plan, develop, and deploy training programs to facilitate the adoption of secure development methodologies
- Maintain knowledge of the latest security trends, vulnerabilities, and emerging technologies, recommend and implement continuous improvements to enhance the organization's security posture and ensure proactive protection against evolving threats
- Organize and maintain real-time security monitoring, alerting, and reporting mechanisms to provide visibility into security incidents and ensure ongoing compliance with security standards
QUALIFICATIONS
Knowledge Areas/Experience
Required
- 4+ years of experience in DevOps, Cybersecurity, and related roles, with demonstrated experience in integrating security practices into the development lifecycle
- Proficiency with CI/CD tools, including Gitlab, and expertise in automating security processes within these pipelines
- Strong understanding and hands-on experience with cloud security in AWS, including cloud-native security tools like AWS Security Hub
- Expertise in Infrastructure as Code (IaC) using tools like Terraform with a focus on securely automation and managing cloud environments
- Experience with security tools such as static and dynamic code analysis, container security (e.g. Prisma Cloud), and vulnerability management platforms
- Strong knowledge of threat modeling, vulnerability assessment, and penetration testing, with the ability to prioritize and remediate identified vulnerabilities
- Proficiency with Identity and Access Management (IAM) platforms, Zero Trust security models, and multi-factor authentication technologies
- Experience in compliance frameworks such as NIST, GDPR, and SOC 2, with practical experience with conducting security audits and risk assessments
- Proficiency with scripting and automation languages like Python, Bash, or PowerShell for automating security tasks and enhancing operational efficiency
- Experience with monitoring, log aggregation, and SIEM solutions to ensure real-time security monitoring and incident detection
- Knowledge of cloud architecture and AWS-specific best practices
Required Skills
- Ability to work independently and in a team environment
- Strong analytical, communication, and problem-solving skills
CORE COMPETENCIES
These core competencies reflect the underlying values that are necessary to represent the National Hockey League:
- Accountability
- Adaptability
- Communication
- Critical Thinking
- Inclusion
- Professionalism
- Teamwork & Collaboration
The NHL offers U.S. regular, full-time employees:
Time to Recharge: Utilize our generous Paid Time Off (PTO) to focus on your well-being and ensure a healthy work/life balance. PTO includes paid holidays, vacation, personal and sick days, plus an extra day off for your birthday.
Ability to Focus on your Health: Along with competitive salaries, the NHL offers comprehensive health benefits to employees and their eligible dependents effective on their first day with us – there is no waiting period. The NHL subsidizes a large portion of the health benefits costs, therefore your cost for medical, dental and vision coverage is minimal.
We also offer our employees and members of their household access to our Employee Assistance Program (EAP) to support mental, physical, and financial health. In addition, employees have access to a digital wellness resource designed to improve health and happiness through courses in sleep, movement, and focus. These services are confidential and at no-cost to our employees.
Childcare Leave: Because your family is the NHL family, employees are offered comprehensive Childcare Leave to welcome your new addition. The primary caregiver to the child is entitled to up to 12 weeks of paid Childcare Leave, at full pay, following the birth, adoption, or placement of a child.
Employees that are not the primary caregiver to the child are entitled to up to 6 weeks of paid Childcare Leave, at full pay, which must be taken within the first 6 months following the birth, adoption, or placement of a child.
Confidence in your Retirement Goals: Participate in the NHL’s Savings Plan which includes a 401K (pre-tax and Roth options) plus non-elective (employer) contributions to keep your retirement goals on track.
A Hybrid Work Schedule: The NHL recognizes the value of flexibility in work locations/schedules to help our employees balance work/life priorities. Hybrid work schedules are available for a majority of our roles.
Our New Headquarters: Our new, state of the art, offices are located at One Manhattan West in Hudson Yards. When you’re in the office, you can conduct meetings in one of our high-tech conference rooms, have lunch with a view or play in the game room. Employees can also enjoy New York’s newest neighborhood that is home to more than 100 shops, culinary experiences, and public artwork.
A Savings for Commuting: Participate in the NHL’s pre-tax commuter benefit plan which helps offset the financial cost of traveling to and from our office.
NHL Partner Rates: Unlock exclusive pricing from our Partners that include savings on travel, consumer goods and services, plus the NHL Store.
Life at the NHL: In your first few days, you meet with your new teammates and the HR Team. You have the opportunity to learn more about the NHL and our workplace culture. Employees are invited to play hockey during our Tuesday Night Skate at Chelsea Piers, join our Employee Resource Groups and more. You are a part of our team and we encourage you to be your authentic self, adding to our dynamic workplace culture.
SALARY RANGE:
$140-180K
Actual base pay for a successful candidate will be determined based on a variety of job-related factors, including but not limited to: experience/training, market demands, and geographic location.
When applying, please be sure to include a cover letter with your salary expectations for this role. We thank all applicants for their interest in this opportunity, however only qualified candidates selected for an interview will be contacted. NO EMAILS OR PHONE CALLS PLEASE.
We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, sexual orientation, age, disability, gender identity, marital or veteran status, or any other protected class.
