FanDuel Group is a world-class team of brands and products all built with one goal in mind - to give fans new and innovative ways to interact with their favourite games, sports, teams, and leagues. That’s no easy task, which is why we’re so dedicated to building a winning team. And make no mistake, we are here to win, but we believe in winning right. That means we’ll never compromise when it comes to looking out for our team mates. From our many opportunities for professional development, to our generous insurance and paid leave policies, we’re committed to making sure our employees get as much out of FanDuel as we ask them to give.
FanDuel Group is based in New York, with offices in California, New Jersey, Florida, Oregon and Scotland. Our brands include:
- FanDuel - A game-changing real-money fantasy sports app
- FanDuel Sportsbook - America’s #1 sports betting app
- TVG - The best-in-class horse racing TV / media network and betting platform
- FanDuel Racing - A horse racing app built for the average sports fan
- FanDuel Casino & Betfair Casino - Fan-favorite online casino apps
- FOXBet - A world-class betting platform and affiliate of FanDuel Group
- PokerStars - The premier online poker product and affiliate of FanDuel Group
Our roster has an opening with your name on it.
We’re looking for a self-starter with the right technical skills in security. As a Senior DevSecOps Engineer, you will focus on practical matters relating to the operational security of the FanDuel US cloud- and on-premise platforms. This will include working our bug bounty program to help triage reports and work with the relevant engineering teams to ensure that any potential exposures are closed down quickly. The DevSecOps team will also work with the wider security team, providing assistance and guidance on how to manage issues that arise from routine audit work, incidents, helping, where necessary, to develop the solutions needed. In order to drive security good practice and build a good compliance posture throughout the engineering organisation, the DevSecOps team will work with the development teams to build security-related controls into their deployment pipelines and processes. Furthermore, the DevSecOps team will build out a capability that engineering teams will use to self-certify, proving their security compliance, before their software ships to production. This role will also be charged with securing the Fanduel Group production cloud environments, and internal infrastructure services. There will also be an element of on-call support in this role.
Always on the leading edge of security and technology developments, you will collaborate with engineers, vendors and IT colleagues to provide tailored security solutions. As a member of the wider technical controls team, you must be capable of working in a flexible environment against both short and long-term delivery objectives.
THE GAME PLAN
Everyone on the DevSecOps team has a part to play; other facets of this role include:
- Responsibility for security of internal and customer facing applications, company infrastructure, and connected third party vendors.
- Ensuring secure configuration and operation of cloud networks, load balancers, edge protection and firewalls (WAF, etc.)
- Maintaining contact with vendors, industry peers, and professional associations to keep informed of existing and evolving industry standards, technologies, and cyber threats.
- Assisting in the design of enhancements to the cloud security strategy by identifying and alerting on appropriate event types.
- Experience of securing Linux and containerised applications.
- The ability to identify, evaluate, and conduct proof-of-concepts for new technologies, enabling secure development of core architectural components.
- Developing business relationships with other departments to ensure successful implementation of security projects.
- Promoting security knowledge sharing within technical communities.
- Fostering and maintaining good relationships with colleagues to meet expected customer service levels and stakeholder expectations.
What we’re looking for in our next team mate:
- Extensive experience working in an Information Security role preferred.
- Good knowledge of cloud DevSecOps.
- Knowledge of securing cloud and containerised applications.
- Experience of working with large, complex networks and systems preferred.
- Security+, CISSP, CCSK, CCSP or equivalents.
- Experience in a hands-on role setting up and supporting cloud based internal and customer facing applications, using ISO 27001, PCI, and / or NIST security standards.
- In-depth knowledge and understanding of Intrusion Prevention Systems, firewalls, and associated best practices for securing internet-facing databases as well as communication between the Internet, multiple DMZs, and cloud-based services.
- Hands-on experience administering, securing and working with AWS and GCP servers, as well as containerised applications at scale.
- In-depth knowledge of cloud security and design of security on large scale applications that support high workloads.
- Understanding of database security is a plus.
- Programming experience as related to security automation.
- The ideal candidate will have an intimate understanding of technology and be motivated to constantly learn new technologies.
- Knowledge of vulnerability scanning and / or internal penetration testing.
- PCI / PII / GDPR rules, and compliance.
- Excellent organisational and analytical skills.
- Ability to communicate clearly and professionally with all levels of an organisation.
- Excellent interpersonal, verbal and written communication skills.
- Ability to prioritise, excellent time management skills and an ability to work to prescribed deadlines.
- Experience in evaluation and deployment of security concepts related to cloud (firewall, proxy, key management, IAM, certificate management).
- Python, Perl, SQL, TCP/IP, PowerShell, Puppet, Ansible, Jenkins, GO CD.
- Continuous Integration (CI) / Continuous Deployment (CD).
- Experience developing security automation tasks for delivery pipelines.
WHAT YOU GET IN RETURN
- An open and collaborative team who value and respect each other.
- An autonomous environment where you are empowered to make decisions.
- A new technical challenge around every corner, we’re never short of interesting problems to solve.
- An excellent wellbeing package including, flexible working & uncapped holidays, employee assistance program, full medical, dental and optical cover and cycle to work scheme.
- Excellent development opportunities including, 10% time, hackathons, conference attendance, online and in-office training and a preference to promote from within.
- A stress-free financial package inclusive of, pension, life assurance, share save scheme, value creation rewards and season ticket commuter loans.
We’re very proud of the company we have created and the biggest contributor to our success is our people. We strive to create an environment that allows people to bring their whole selves to work, one that promotes a healthy work/life balance and one that is dedicated to supporting the personal and professional development of its people.
FanDuel Group is an equal opportunities employer. Diversity and inclusion in FanDuel means that we respect and value everyone as individuals. We don't tolerate bias, judgement or harassment. Our focus is on developing employees so that they reach their full potential.FanDuel Group is an equal opportunities employer. Diversity and inclusion in FanDuel means that we respect and value everyone as individuals. We don't tolerate bias, judgement or harassment. Our focus is on developing employees so that they reach their full potential.