Senior Security Analyst
ABOUT FANDUEL GROUP
There are more ways to win, here at FanDuel. We’re willing to bet on it.
At FanDuel Group, we give fans a new and innovative way to interact with their favorite games, sports and teams. We’re dedicated to building a winning team and we pride ourselves on being able to make every moment mean more, especially when it comes to your career. So, what does “winning” look like at FanDuel? It’s recognition for your hard-earned results, a culture that brings out your best work—and a roster full of talented coworkers. Make no mistake, we are here to win, but we believe in winning right. That means we’ll never compromise when it comes to looking out for our teammates. From creatives professionals to cutting edge technology innovators, FanDuel offers a wide range of career opportunities, best in class benefits, and the tools to explore and grow into your best selves. At FanDuel, our principle of “We Are One Team” runs through all our offices across the globe, and you can expect to be a part of an exciting company with many opportunities to grow and be successful.
WHO WE ARE…
FanDuel Group is an innovative sports-tech entertainment company that is changing the way consumers engage with their favorite sports, teams, and leagues. The premier gaming destination in the United States, FanDuel Group consists of a portfolio of leading brands across gaming, sports betting, daily fantasy sports, advance-deposit wagering, and TV/media.
FanDuel Group has a presence across all 50 states with approximately 17 million customers and nearly 30 retail locations. The company is based in New York with offices in California, New Jersey, Florida, Oregon, Georgia, Portugal, Romania and Scotland.
Its network FanDuel TV and FanDuel+ are broadly distributed on linear cable television and through its relationships with leading direct-to-consumer OTT platforms.
FanDuel Group is a subsidiary of Flutter Entertainment plc, the world's largest sports betting and gaming operator with a portfolio of globally recognized brands and a constituent of the FTSE 100 index of the London Stock Exchange.
Our roster has an opening with your name on it
As a valued member of the Security Operations Center (SOC) team, the Senior Security Analyst will be responsible for early and accurate detection, response and containment of threats directed against the environment. This role requires advanced skills in intrusion detection and threat hunting to identify credible risks/adversaries to proprietary and sensitive data before a potential breach. Collaboration with security engineers, developers, vendors and business units to constantly improve the overall security posture will be the key to success at FanDuel Group. We’re looking for a team player with highly technical analytical skills.
THE GAME PLAN
Everyone on our team has a part to play
- Monitor and analyze network, server, endpoint, database and application activity for indicators of compromise and continuously tune rules to reduce false positives
- Security incident response, including supporting the identification and remediation of infrastructure related security incidents
- Scan, assess and mitigate vulnerabilities on internal company assets and FanDuel Group hybrid cloud-based customer platform
- Grow and mature Threat Intelligence program
- Contribute to information security process improvement and documentation
- Keep current with cybersecurity news and technology
- Maintain contact with vendors, industry peers, and professional associations to keep informed of existing and evolving industry standards, technologies, and cyber threats
- Hunt for existing and new threats within the network and endpoints
- Responsible for identifying and responding to insecure configurations of customer facing applications, internal company infrastructure, and 3rd party vendors
- Responsible for maintaining and improving the security for a large-scale customer facing hybrid environment and internal workplace
- Identify, evaluate and conduct proof-of-concepts for new technologies and collaborate with security engineers on implementation
- Develop business relationships and integrate activities with other departments to ensure successful implementation and support project efforts
- Mentor business units in understanding and adhering to cybersecurity guidelines and best practices at work and home. Promote knowledge sharing within the technical communities
- Foster and maintain good relationships with colleagues to meet or exceed expected customer service levels
- Maintain, support and improve security architecture
- Lead engagements with technology and business verticals to implement security best practices
- Be responsible for all aspects of security and ensure remediation of issues and/or automated methods to inhibit violations of security
- Automate alert collection, prioritize alerts based on likelihood / impact, define tasks and proccesses in ways that can be automated, ensure that controls implemented can be reviewed and audited, and contribute towards continual improvement initiatives
What we're looking for in our next teammate
- Minimum of 3 years’ of experience working in cybersecurity operations and incident response preferred, to include utilizing Security Information and Event Management (SIEM) platforms, Intrusion Detection/Prevention Systems (IDS/IPS), and Vulnerability Management and Threat Intelligence applications.
- Minimum of 2 years’ of experience working with large, complex networks and systems.
- Proficient with both macOS, Linux, and Windows operating systems
- Proficient in SQL and other query languages
- Knowledge of red teaming and/or internal penetration testing
- Knowledge of HTTP methods and other Internet protocols (TCP/IP, HTTPS, DNS, SMTP, etc.)
- Knowledge of the OWASP Top 10 web application security risks and how to minimize them
- Experience working with Cloud Technologies and platforms (AWS Preferrered)
- Experience in designing, implementing, and maintaining alerts using SIEMs or monitoring tools
- Experience in Threat Modeling and evaluating different controls and mitigations
- Ability to research and develop threat profiles, attacker activity, and trends
- Ability to analyze threat information based on suspected and known context
- Ability to correlate data and research using open source and custom repositories
- Ability to collaborate effectively within and across teams
- Excellent organizational and analytical skills, comfortable communicating and presenting investigation findings and insigts to all levels of the organization
- Skilled in troubleshooting and diagnosing issues
- Excellent time management skills and be accustomed to working within prescribed deadlines and SLAs
Nice to Have
- At least one of the following certifications with combined experience: CISSP, CEH, GCIH, GCFA, Security+, OSCP
- Forensics and/or malware analysis experience a plus
- Experience working with Webhooks and vendor API’s to exchange data and automate tasks
- Regulatory and compliance frameworks (PCI / CCPA / PII / GDPR, etc)
- Red Teaming / Pen Testing / Bug Hunting
- Development experience and working with GitHub or other code repositories
- Display leadership through credibility, responsiveness and ethics
- Entrepreneurial, hardworking with a bias for action and embraces continual development
- Passionate about learning the latest trends, technologies and security challenges
- Analytical, inquisitive, collaborative and persistent in working through problems to formulate appropriate solutions
- Willingness to teach, mentor and share professional expertise, knowledge, and skills to help others develop and grow
To be successful, you should be familiar with:
- Information security best practices, understanding of internal and external risks to the business, Threat actor groups and their Techniques, Tactics and Procedures (TTPs)
- Leveraging analytics and intelligence gathering to identify and detect attacks as quickly as possible and aggregate insights to prevent attacks from occurring in the future
- Program management - gathering user requirements, strategic vision, strategic planning, and program implementation
And interested in:
- Software engineering, architecture and development
- Data engineering and science
- Supporting: Detection Engineering, Adversary Engineering (Red Team), Incident Response, Information Risk Programs, and other security functions
We treat our team right
From our many opportunities for professional development to our generous insurance and paid leave policies, we’re committed to making sure our employees get as much out of FanDuel as we ask them to give. Competitive compensation is just the beginning. As part of our team, you can expect:
- An exciting and fun environment committed to driving real growth
- Opportunities to build really cool products that fans love
- Mentorship and professional development resources to help you refine your game
- Flexible vacation allowance to let you refuel
- Hall of Fame benefit programs and platforms
FanDuel Group is an equal opportunities employer and we believe, as one of our principal states, “We Are One Team!” We are committed to equal employment opportunity regardless of race, color, ethnicity, ancestry, religion, creed, sex, national origin, sexual orientation, age, citizenship status, marital status, disability, gender identity, gender expression, and Veteran status. We believe FanDuel is strongest and best able to compete if all employees feel valued, respected, and included. We want our team to include diverse individuals because diversity of thought, diversity of perspectives, and diversity of experiences leads to better performance. Having a diverse and inclusive workforce is a core value that we believe makes our company stronger and more competitive as One Team!