Security Vulnerability and Threat Engineer
ABOUT FANDUEL GROUP
There are more ways to win, here at FanDuel. We’re willing to bet on it.
At FanDuel Group, we give fans a new and innovative way to interact with their favorite games, sports and teams. We’re dedicated to building a winning team and we pride ourselves on being able to make every moment mean more, especially when it comes to your career. So, what does “winning” look like at FanDuel? It’s recognition for your hard-earned results, a culture that brings out your best work—and a roster full of talented coworkers. Make no mistake, we are here to win, but we believe in winning right. That means we’ll never compromise when it comes to looking out for our teammates. From creatives professionals to cutting edge technology innovators, FanDuel offers a wide range of career opportunities, best in class benefits, and the tools to explore and grow into your best selves. At FanDuel, our principle of “We Are One Team” runs through all our offices across the globe, and you can expect to be a part of an exciting company with many opportunities to grow and be successful.
WHO WE ARE…
FanDuel Group is an innovative sports-tech entertainment company that is changing the way consumers engage with their favorite sports, teams, and leagues. The premier gaming destination in the United States, FanDuel Group consists of a portfolio of leading brands across gaming, sports betting, daily fantasy sports, advance-deposit wagering, and TV/media.
FanDuel Group has a presence across all 50 states with approximately 17 million customers and nearly 30 retail locations. The company is based in New York with offices in California, New Jersey, Florida, Oregon, Georgia, Portugal, Romania and Scotland.
Its network FanDuel TV and FanDuel+ are broadly distributed on linear cable television and through its relationships with leading direct-to-consumer OTT platforms.
FanDuel Group is a subsidiary of Flutter Entertainment plc, the world's largest sports betting and gaming operator with a portfolio of globally recognized brands and a constituent of the FTSE 100 index of the London Stock Exchange.
Our roster has an opening with your name on it
As a valued member of the Cybersecurity team, the Security Vulnerability and Threat Engineer will be responsible for conducting, reviewing and providing remediations for vulnerabilities detected in physical endpoints, cloud infrastructure, code and applications in a programmatic way. Working closely with product verticals, you will escalate critical vulnerabilities based on active threats or feasibility from threat modeling.
Collaboration with security analysts, GRC, developers, vendors and business units to constantly improve the overall security posture will be the key to success at FanDuel Group. We’re looking for a team player with creative problem-solving skills. In this position, you will have the opportunity to contribute to the security and resiliency of FanDuel applications and systems.
THE GAME PLAN
Everyone on our team has a part to play
- Develop custom tools and services to assess and test the vulnerability of the FanDuel ecosystem
- Support vulnerability management platform and interface with business and developers to ensure vulnerability management meets service level objectives
- Improve the vulnerability management process, to include bug bounty program
- Maintain current knowledge of threat landscape, attacker techniques and mitigations
- Validate, prioritize and communicate scan results to key business partners in a programmatic way to drive remediation
- Triage all findings reported from external sources like bug bounty and vulnerability disclosure program
- Execution of emergency (e.g. zero day) vulnerability management including research, coordination of response, and escalation/communication to senior leadership
- Identify opportunities for automation to eliminate toil and improve machine learning capabilities
- Perform threat and risk modeling for new and existing systems and devices
- Must have experience working with vendor APIs and integrating with Security Information and Event Management (SIEM) platforms and ticketing systems
- Collaborate closely with Detection and Response, Product and Software Security teams
- Maintain contact with vendors, industry peers, and professional associations to keep informed of existing and evolving industry standards, technologies, and cyber threats
- Develop business relationships and integrate activities with other departments to ensure successful implementation and support project efforts
What we're looking for in our next teammate
- Minimum of 2-4+ years of experience in Information Security
- Experience designing, building, implementing, and/or maintaining vulnerability and configuration management technologies in an enterprise level environment
- Code in one or more programming languages, such as Python, Go or Java
- Proficiency with working with large, complex networks and systems
- Knowledge of secure software development life cycle (SSDLC), DevSecOps, Cloud, CI/CD pipeline and SSDLC process automation is desired
- Experience developing code for collecting and injecting data from security vendors API’s for automation
- Experience working under a regulatory framework e.g. ISO-27001, GDPR, PCI, etc.
- Knowledge of OWASP, SANS, or other security-related frameworks and penetration testing methodologies
- Proficiency in multi-tasking and prioritizing projects
- Excellent verbal and written communication skills
- Excellent time management skills and be accustomed to working within prescribed deadlines
- CEH or OSCP certification
- Experience working in AWS and/or GCP
- Infrastructure as Code in Terraform or CloudFormation
- Knowledge of containers and container orchestration, such as Docker and Kubernetes
- Ansible or Chef configuration management
- Secret management in HashiCorp Vault, Akeyless, SOPS or KMS
- Experience working with Security Operations and Engineering teams to provide input for regulatory and security audit items
- Ability to write architectural security design documents or review design documents provided by others.
We treat our team right
From our many opportunities for professional development to our generous insurance and paid leave policies, we’re committed to making sure our employees get as much out of FanDuel as we ask them to give. Competitive compensation is just the beginning. As part of our team, you can expect:
- An exciting and fun environment committed to driving real growth
- Opportunities to build really cool products that fans love
- Mentorship and professional development resources to help you refine your game
- Flexible vacation allowance to let you refuel
- Hall of Fame benefit programs and platforms
FanDuel Group is an equal opportunities employer and we believe, as one of our principal states, “We Are One Team!” We are committed to equal employment opportunity regardless of race, color, ethnicity, ancestry, religion, creed, sex, national origin, sexual orientation, age, citizenship status, marital status, disability, gender identity, gender expression, and Veteran status. We believe FanDuel is strongest and best able to compete if all employees feel valued, respected, and included. We want our team to include diverse individuals because diversity of thought, diversity of perspectives, and diversity of experiences leads to better performance. Having a diverse and inclusive workforce is a core value that we believe makes our company stronger and more competitive as One Team!