MLS is looking for a passionate, organized, and detail-oriented information security specialist to join the Information Security Office. The security specialist will possess CISSP certification to identify and communicate potential and emerging information security threats, vulnerabilities, and appropriate technical controls in the Sports and Hospitality industry, specifically in stadium venues.

Problem-solving and the ability to evolve processes to meet business transformation and security requirements are essential elements of this position.  The security specialist will drive threat and vulnerability management and support the development of an enterprise-wide security program.  The individual in this role will proactively identify and mitigate risk through awareness training, conducting internal and third parties’ assessments.

• Develop and manage the enterprise vulnerability management lifecycle from discovery to remediation throughout the technology and service portfolio
• Conduct regular assessment of Web and Internal applications, Cloud Infrastructure, APIs, Networks, IoT devices, and mobile applications
• Work closely with Information Security Engineer and vSOC team to test the efficacy of existing security controls and help create new detection
• Support the implementation of a comprehensive security program that covers the League office and MLS Clubs
• Continuously evaluate and evolve existing methodologies to solve complex security challenges through vendor engagement and technical services
• Develop threat models against internal and external systems and design best practices for how they should operate securely
• Assist with the development of the security education and awareness training program that stays relevant to business activities and current threats
• Maintain Runbooks to continually improve security testing methodologies and threat modeling and lead readiness initiatives for compliance with domestic and global obligations
• Well informed of new technologies and advancements in security services and provide regular briefings to Technology management
• Work in dynamic, fast-paced environments that require regular team interaction and coordination of efforts

• Bachelor’s degree
• 4+ years of experience in information security
• CISSP certification
• Working knowledge of common information security standards, such as CIS and OWASP
• Ability to lead security projects and collaborate with partners and business units across divisions
• Demonstrated commitment to training, self-study, and maintaining proficiency in the information security domain
• Motivated self-starter with excellent interpersonal, communication, and presentation skill and the ability to create technical reports
• Working experience with Pen testing and reporting
• Web and Cloud applications vulnerability scanners expertise
• Knowledge of vulnerability management best practices
• Ability to analyze system and network event logs for incident handling
• Knowledge of compliance, audit process, third-party risk assessments, and data privacy

Desired Skills

• Knowledge of the sport of soccer
• Experience developing and delivering security awareness training and assessments