Major League Soccer is seeking a highly technical and hands-on Director, Applications and Data Security to support the security of the League’s digital products, enterprise applications, APIs, cloud services, data platforms, AI-enabled capabilities, and third-party technology integrations.

This role is responsible for helping ensure MLS systems are designed, built, integrated, and operated securely. The role will work closely with Digital Product, Engineering, Data, Enterprise Applications, and external partners to provide practical security guidance across application security, cloud security, data security, AI security, threat modeling, vulnerability management, and secure software development practices.

The ideal candidate is hands-on, technically credible, collaborative, and comfortable operating across both strategic and technical work. This person should be able to translate security risk into clear, actionable guidance that supports innovation, fan engagement, operational resilience, responsible use of League data, and the secure adoption of emerging technologies.

• Serve as the primary security partner for MLS digital product, application, engineering, data, and enterprise technology teams.
• Lead hands-on security reviews of applications, websites, APIs, cloud services, data platforms, third-party integrations, SaaS platforms, internally developed products, and AI-enabled solutions where applicable.
• Perform application security testing using manual review and automated tools, including SAST, DAST, IAST, software composition analysis, container scanning, secrets detection, and related security tooling.
• Conduct threat modeling for new and existing products, applications, APIs, data workflows, integrations, cloud-native services, sensitive data environments, and emerging technology use cases.
• Review application architecture, authentication, authorization, session management, data flows, logging, encryption, input validation, API design, and secure configuration patterns.
• Partner with digital product and engineering teams to embed secure-by-design principles, security requirements, and practical controls into the software development lifecycle.
• Identify, document, prioritize, track, and validate remediation of product, application, cloud, API, data security, and software supply chain findings.
• Support vulnerability management for applications, APIs, code repositories, containers, open-source dependencies, third-party software components, and vendor-developed solutions.
• Evaluate and help mitigate security risks across MLS data platforms, data pipelines, analytics environments, data integrations, sensitive data workflows, and approved AI use cases.
• Define, maintain, and improve security requirements, standards, patterns, checklists, and guidance for application security, product security, data protection, access control, encryption, tokenization, data retention, secure data sharing, and responsible use of AI-enabled technologies.
• Support secure CI/CD implementation, including security gates, code scanning, dependency checks, container image validation, secrets management, deployment controls, and automation opportunities.
• Review third-party product integrations, SaaS platforms, APIs, SDKs, technology partnerships, AI-enabled tools, and vendor-developed applications for product, application, and data security risks.
• Collaborate with third-party risk management, legal, privacy, procurement, incident response, and technology teams to support vendor reviews, security events, impact assessments, containment, and remediation.
• Communicate technical findings, risk, business impact, remediation options, program metrics, recurring issues, and security posture trends to engineering, business, legal, privacy, and executive stakeholders.
• Serve as a senior hands-on security advisor for high-priority MLS initiatives involving fan-facing platforms, enterprise applications, cloud services, data systems, AI-enabled capabilities, and third-party integrations.

Education and Experience

• Bachelor’s degree in Computer Science, Information Security, Engineering, Information Technology, or a related field, or equivalent practical experience.
• 8+ years of experience in cybersecurity, application security, product security, software engineering, cloud security, data security, or related technical security disciplines.
• 5+ years of hands-on experience performing application security, product security, secure code review, API security review, threat modeling, or security architecture work.
• Experience working directly with product managers, software engineers, application owners, data teams, enterprise application teams, and business stakeholders.
• Experience supporting security in cloud environments such as AWS, Azure, or GCP.
• Experience securing modern application environments, including APIs, microservices, containers, CI/CD pipelines, SaaS platforms, and third-party integrations.
• Experience supporting security for data platforms, data warehouses, analytics environments, data pipelines, or sensitive business data workflows is strongly preferred.

Required Skills

• Strong hands-on knowledge of application security, product security, API security, secure SDLC, threat modeling, vulnerability management, secure architecture principles, and emerging technology risk.
• Ability to perform technical security reviews of applications, APIs, cloud services, integrations, data flows, SaaS platforms, third-party technologies, and AI-enabled solutions where applicable.
• Experience with application security testing tools and methods, including SAST, DAST, IAST, SCA, container scanning, secrets scanning, and manual validation.
• Strong understanding of common application and API risks, including OWASP Top 10, OWASP API Security Top 10, authentication flaws, authorization issues, injection risks, data exposure, insecure deserialization, and business logic vulnerabilities.
• Working knowledge of cloud security concepts, including IAM, network segmentation, encryption, logging, key management, workload security, and secure cloud architecture.
• Familiarity with CI/CD platforms, DevSecOps practices, source code repositories, build pipelines, deployment workflows, automation, security gates, and risks associated with AI-assisted software development.
• Experience with container and Kubernetes security concepts, including image scanning, runtime security, secrets handling, admission controls, and workload isolation.
• Ability to read and understand code in one or more programming or scripting languages, such as Python, Java, JavaScript, TypeScript, Go, C#, Ruby, or similar languages.
• Strong understanding of data security principles, including data classification, access control, encryption, data loss prevention, data retention, tokenization, masking, secure data sharing, and risks across data pipelines, data warehouses, analytics platforms, and approved AI use cases.
• Strong written and verbal communication skills, including the ability to document findings, write remediation guidance, develop security standards, create reusable engineering guidance, and explain technical risk to engineering, business, legal, privacy, and executive stakeholders.
• Ability to influence teams without direct authority, drive security outcomes through partnership and credibility, and operate hands-on without direct reports while providing director-level ownership, judgment, and accountability.

Total Rewards

Major League Soccer offers a competitive starting base salary of $165,000 - $185,000, based on individual qualifications, market financials, and operational business needs. We are committed to providing a Total Rewards package that attracts, supports, engages, and retains talent. Our benefits package includes comprehensive medical, dental, and vision coverage, a $500 wellness reimbursement, and generous Holiday and PTO schedule to promote work-life balance. We also prioritize career and professional development, offering on-the-job training, feedback, and ongoing educational opportunities. 

 Major League Soccer believes in the value of in-person collaboration to support teamwork, creativity, and connection. Employees in this role are expected to work a four (4) day in-office schedule, with the flexibility to work remotely one (1) day each week, based on business and department needs. 

 Major League Soccer is an equal opportunity employer. Employment decisions are made without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability, genetic information, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.  

 Major League Soccer is committed to providing reasonable accommodations to individuals with disabilities throughout the application and hiring process, as well as during employment. Applicants who require an accommodation may contact Human Resources to request assistance.

 Join our team and help support the growth and success of Major League Soccer.