FanDuel Group is a world-class team of brands & products all built with one goal in mind - to give fans new & innovative ways to interact with their favorite games, sports, teams, & leagues. Thats no easy task, which is why were so dedicated to building a winning team. And make no mistake, we are here to win, but we believe in winning right. That means well never compromise when it comes to looking out for our team mates.
From our many opportunities for professional development, to our generous insurance & paid leave policies, were committed to making sure our employees get as much out of FanDuel as we ask them to give.
FanDuel Group is based in New York, with offices in California, New Jersey, Florida, Oregon & Scotland. Our brands include:
- FanDuel - A game-changing real-money fantasy sports app
- FanDuel Sportsbook - Americas #1 sports betting app
- TVG - The best-in-class horse racing TV / media network & betting platform
- FanDuel Racing - A horse racing app built for the average sports fan
- FanDuel Casino & Betfair Casino - Fan-favorite online casino apps
- FOXBet - A world-class betting platform & affiliate of FanDuel Group
- PokerStars - The premier online poker product & affiliate of FanDuel Group
Our roster has an opening with your name on it.
Were looking for a self-starter with the right technical skills in security & the ability to lead & mentor a team. The Director of DevSecOps will focus a team on practical matters relating to operational security of the FanDuel US cloud- & on-premise platforms. This will include working our bug bounty program to help triage reports & work with the relevant engineering teams to ensure that any potential exposures are closed down quickly.
The DevSecOps team will also work with the wider security team, providing assistance & guidance on how to manage issues that arise from routine audit work, helping, where necessary, to develop the solutions needed. In order to drive security good practice & build a good compliance posture throughout the engineering organisation, the DevSecOps team will work with the development teams to build security-related controls into their deployment pipelines & processes.
Furthermore, the DevSecOps team will build out a capability that engineering teams will use to self-certify, proving their security compliance, before their software ships to production. This role will also be charged with securing the Fanduel Group production cloud environments, & internal infrastructure services. There will also be an element of on-call support to the Director of DevSecOps role.
Always on the bleeding edge of security & technology developments, the Director of DevSecOps will collaborate with engineers, customers, vendors & IT colleagues to provide tailored security solutions. As a member of the wider technical controls team, the Director of DevSecOps must be capable of working in a flexible environment against both short & long-term delivery objectives.
THE GAME PLAN
Everyone on the DevSecOps team has a part to play; other facets of this role include:
- Responsibility for security of internal & customer facing applications, company infrastructure, & connected third party vendors.
- Ensuring secure configuration & operation of cloud networks, load balancers, edge protection & firewalls (WAF, etc.)
- Maintaining contact with vendors, industry peers, & professional associations to keep informed of existing & evolving industry standards, technologies, & cyber threats.
- Assisting in the design of enhancements to the cloud security strategy by identifying & alerting on appropriate event types.
- Experience of securing Active Directory / LDAP, Linux, as well as containerised applications.
- The ability to identify, evaluate, & conduct proof-of-concepts for new technologies, enabling secure development of core architectural components.
- Developing business relationships & integrate security activities with other departments to ensure successful implementation & support security project efforts.
- Mentoring the team of security analysts. Promoting knowledge sharing within the technical communities.
- Fostering & maintaining good relationships with colleagues to meet expected customer service levels & stakeholder expectations.
What were looking for in our next team mate:
- Extensive experience working in an Information Security role preferred.
- Good knowledge of cloud DevSecOps.
- Knowledge of securing cloud & containerised applications.
- Experience of working with large, complex networks & systems preferred.
- Security+, CISSP, CCSK, CCSP or equivalents.
- Experience in a hands-on role setting up & supporting cloud based internal & customer facing applications, using ISO 27001, PCI, & / or NIST security standards.
- Subject matter expert on leading multiple cyber security projects.
- In-depth knowledge & understanding of Intrusion Prevention Systems, firewalls, & associated best practices for securing internet-facing databases as well as communication between the Internet, multiple DMZs, & cloud-based services.
- Hands-on experience administering, securing & working with AWS & GCP servers, as well as containerised applications at scale.
- In-depth knowledge of cloud security & design of security on large scale applications that support high workloads.
- Understanding of database security is a plus.
- Programming experience as related to security automation.
- The ideal candidate will have an intimate understanding of technology & be motivated to constantly learn new technologies.
- Knowledge of vulnerability scanning & / or internal penetration testing.
- PCI / PII / GDPR rules, & compliance.
- Excellent organisational & analytical skills.
- Ability to communicate clearly & professionally with all levels of an organisation.
- Excellent interpersonal, verbal & written communication skills.
- Ability to prioritise, excellent time management skills & an ability to work to prescribed deadlines.
- Experience in evaluation & deployment of security concepts related to cloud (firewall, proxy, key management, IAM, certificate management).
- Python, Perl, SQL, TCP/IP, PowerShell, Ansible, Jenkins, GO CD.
- Continuous Integration (CI) / Continuous Deployment (CD).
- Experience developing security automation tasks for delivery pipelines.
We treat our team right
Competitive compensation is just the beginning. As part of our team, you can expect:
- An exciting & fun environment committed to driving real growth
- Opportunities to build really cool products that fans love
- Mentorship & professional development resources to help you refine your game
- Flexible vacation allowance to let you refuel
- Hall of Fame benefit programs & platforms
FanDuel Group is an equal opportunities employer. Diversity & inclusion in FanDuel means that we respect & value everyone as individuals. We don't tolerate bias, judgement or harassment. Our focus is on developing employees so that they reach their full potential.