Security Engineering Manager
We are DraftKings.
We’re inspired by our shared passion for developing creative solutions to complex challenges and empowering the people around us to do their best work. We are industry leaders in the digital entertainment and technology space propelled by constant curiosity and diverse perspectives.
Our teams are fueled by innovation. We are looking ahead, building what’s next, and continuously reinventing the industry. We’re a publicly traded (NASDAQ: DKNG) technology company headquartered in Boston, with teams around the world and an expanding global presence.
Lead a groundbreaking team.
We’re growing quickly and are searching for a Information Security Engineering Maager to contribute hands-on technical leadership to our Security Team. As a technology company that handles large volumes of customer data, your goal will be to efficiently allocate resources to set priorities and maximize our security strategies. This includes developing metrics and detailed reporting for senior executives, maintaining strategic plans based on operational lessons learned and Threat Intelligence inputs, and acting as a mentor to senior level and junior engineers, helping them grow key skills necessary to our business needs. Sound good to you? Join us.
What you’ll do as a manager for Security Engineering
- Formulate red and blue teaming strategies aligned to business objectives and adjust security team priorities to maintain a strategic focus.
- Work with third parties to practice and test all red and blue team solutions.
- Form meaningful relationships with relevant stakeholders across the enterprise to build and maintain a comprehensive model of applicable, feasible threats and risks to the business.
- Present findings within a context relative to the overall risk posture of the enterprise.
- Develop training plans for the team which includes business and technical training.
- Mentor senior level and junior engineers to grow key skills required by the business; identify and cultivate high-potential individuals.
- Maintain excellent customer interaction by presenting technically sound findings and solutions, solicited and unsolicited ideas for system enhancements, and ensuring operational perspective is captured in solutions.
- Ensure appropriate rigor in our solutions by employing a questioning attitude and engaging subject matter experts as appropriate.
What skills you will use:
- Ideally, you have 5+ years of red team experience from reputable cyber security firm.
- Deep knowledge of Data Security, Networking, Cyber Attack Vectors, Application security, and Agile Development processes.
- Deep IR and Forensic analysis experience.
- 3+ years leadership experience in Cybersecurity organization.
- Experience scripting in languages such as Bash, Python & Powershell as well as a working knowledge of logging technologies (Splunk/Elk/Kibana).
- Security experience in one or more of: JS, C, C#, C++, cryptography, reverse engineering, common web vulnerabilities (SQLi, XSS, CSRF), exploit development.
- 3-5 years of cloud security experience, preferably within AWS or GCP.
- Experience in infrastructure as code, Terraform or Cloudformation.
- Experience applying and managing infosec systems such as Rapid7 Products, Palo Alto Prisma, AWS Guard Duty, bug bounty programs, EDR systems, MS ATA, etc.
- Ability to analyze and determine the applicability/validity of data, asses risk. and make appropriate recommendations.
- Deep understanding of vulnerability management and validation processes.
- Manage Vulnerability and Pentesting activities both internally and with third parties.
- CISM, CISSP or CCSP a plus.
We strive to create a place where all feel safe, empowered, engaged, championed, and inspired. DraftKings is proud to be an equal opportunity employer. This means we do not tolerate discrimination of any kind and are committed to providing equal employment opportunities regardless of your gender identity, race, nationality, religion, sexual orientation, status as a protected veteran, or status as an individual with a disability.
Ready to build what’s next? Apply now.
As a regulated gaming company, you may be required to obtain a gaming license issued by the appropriate state agency as a condition of employment.