Madison Square Garden Entertainment Corp. (MSG Entertainment) is a leader in live entertainment, delivering unforgettable experiences while forging deep connections with diverse and passionate audiences. The Company’s portfolio includes a collection of world-renowned venues – New York’s Madison Square Garden, The Theater at Madison Square Garden, Radio City Music Hall, and Beacon Theatre; and The Chicago Theatre – that showcase a broad array of sporting events, concerts, family shows, and special events for millions of guests annually. In addition, the Company features the original production, the Christmas Spectacular Starring the Radio City Rockettes, which has been a holiday tradition for 90 years. More information is available at www.msgentertainment.com.
Who are we hiring?
The Senior Manager Information Security is responsible for developing, integrating, and documenting security practices at Sphere Studios. You should be a solution-oriented security professional with experience designing and maintaining secure systems across a variety of environments, ensuring that security is embedded into the development, deployment, and operations lifecycle. The ideal candidate is a security-focused technologist with experience in automation, cloud security, and secure software development practices for a major production studio. This person will collaborate closely with Studio technology and development teams to ensure that security is an integral part of the continuous integration and continuous deployment (CI/CD) pipelines. The Senior Manager Information Security will drive initiatives in security automation, security governance, cloud infrastructure protection, and perform regular monitoring to ensure compliance with security standards.
What will you do?
- Security Automation: Implement security controls and monitoring systems for CI/CD pipelines, focusing on automation for vulnerability management, configuration management, and patching.
- Cloud Security: Develop and maintain cloud security best practices, ensuring secure architecture, network segmentation, and management of cloud environments (AWS, Azure, GCP).
- Collaboration with DevOps: Partner with development teams to embed security into development processes. Ensure security is considered in all stages of the product lifecycle, from design to production.
- Infrastructure as Code (IaC): Ensure that infrastructure is codified and automated with security embedded at every layer, using tools like Terraform, Ansible, or CloudFormation.
- Threat Modeling and Risk Mitigation: Conduct threat modeling exercises for new projects, identify vulnerabilities, and recommend mitigation strategies.
- Security Testing: Implement and maintain automated security testing within the CI/CD pipeline, including static code analysis (SAST), dynamic application security testing (DAST), and software composition analysis (SCA).
- Network Security: Assist with the development and adoption of network security baselines.
- Incident Response: Collaborate on incident response activities, including incident triage, investigation, remediation, and ensuring post-incident reviews drive improvements in system resilience and security.
- Compliance and Auditing: Work with compliance teams to ensure that security controls align with regulatory/compliance requirements such as Trusted Partner Network (TPN), CIS, federal/state/local privacy laws, and other relevant frameworks.
- Governance: Identify gaps in existing security policies/procedures/standards and assist with the definition of requirements for Studio technology teams.
- Other security duties as assigned.
What do you need to succeed?
Required Qualifications
- 5+ years of experience in a DevSecOps, DevOps, or Security Engineering role.
- Strong understanding of cloud security best practices in AWS, Azure, and GCP environments.
- Experience with container security and orchestration tools like Kubernetes, Docker, etc.
- Expertise in Infrastructure as Code tools such as Terraform, Ansible, or CloudFormation.
- Familiarity with security frameworks like OWASP, NIST, and CIS benchmarks.
- Hands-on experience with CI/CD tools like Jenkins, GitLab CI, or CircleCI.
- Proficient in scripting languages such as Python, Bash, or PowerShell.
- Experience with security tools such as Palo Alto Firewalls, SentinelOne, AWS Security Hub, or similar.
- Bachelor's degree in Computer Science, Information Security, Information Systems, or related field.
Preferred Certifications
- AWS Solutions Architect
- Experience in an information security role at a production studio
Special Requirements
- Work related travel will be required (Domestic or International)-15%-20%
Onsite
Pay Range
$113,000—$200,000 USD
At MSG, we recognize the importance of upskilling employees’ talents and strengths so they can drive their careers forward. We are proud to offer a robust set of tools and resources to help employees understand their interests and purpose, harness their talents and obtain the skills they need to reach the next step in their careers. Growth and longevity for our employees are top priorities here.
We value diversity and are looking for extraordinary employees of all backgrounds! MSG is an Equal Opportunity Employer and provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, sexual and reproductive health choices, national origin, citizenship, age, genetic information, disability, or veteran status. In addition to federal law mandates, MSG complies with all applicable state and local laws governing nondiscrimination in all locations and will consider requests for reasonable accommodations as required.