DevSecOps Engineer
Los Angeles, CA

Job Description

About Us:

FanDuel Group is an innovative sports-tech entertainment company that is changing the way consumers engage with their favorite sports, teams, and leagues. The premier gaming destination in the United States, FanDuel Group consists of a portfolio of leading brands across gaming, sports betting, daily fantasy sports, advance-deposit wagering, and TV/media, including FanDuel, Betfair US, DRAFT, and TVG. FanDuel Group has a presence across 45 states and 8 million customers. The company is based in New York with offices in California, New Jersey, Florida, Oregon, and Scotland.

About the Role:

"We're looking for a self-starter with highly technical skills in cloud and stack security. With a special focus on PAAS and containerized application security, the DevSecOps will focus on optimizing and automating security controls and processes for the Fanduel Group production cloud instances. Always on the bleeding edge of security and technology developments, the DevSecOps Engineer collaborates with developers, users, vendors and IT colleagues to provide tailored security solutions. As a member of the greater Information Technology Team, DevSecOps Engineer will work across various IT functional areas to develop strategic and implementation plans for information systems security. The DevSecOps Engineer thrives in a demanding and highly flexible environment against both short and long-term deliverables.

Implement and provide security support for the Fanduel Group US cloud based customer platform and internal corporate environment. Utilize a variety of computing architectures (e.g., cloud (AWS, O365, GCP). Collaborate with developers, staff, IT colleagues, and vendors to identify security requirements, and recommend solution options. We're the field. The person will be a member of the Information Technology team and will work across various IT functional areas to develop strategic and implementation plans for information systems security. Must be able to work in high pressure, highly flexible environment against both short and long-term requirements. He/she will be charged with securing the Fanduel Group production cloud environments, and internal infrastructure services.

What You'll Do:

* Responsible for security of internal and customer facing applications, company infrastructure, and connected 3rd party vendors.
* Ensure secure configuration and operation of cloud networks, load balancers and firewalls (Cloud armor, WAF, etc)
* Maintain contact with vendors, industry peers, and professional associations to keep informed of existing and evolving industry standards, technologies, and cyber threats.
* Assist in design of enhancements to the cloud security strategy by identifying and alerting on appropriate event types.
* Experience with securing Active Directory/LDAP, Linux, as well as containerized applications.
* Identify, evaluate, and conduct proof-of-concepts for new technologies, enabling secure development of core architectural components.
* Develop business relationships and integrate security activities with other departments to ensure successful implementation and support security project efforts.
* Mentor security analyst, and information technology organization in understanding and adhering to cloud architecture design standards and guidelines. Promote knowledge sharing within the technical communities.

Required Qualifications:

* Minimum 5 years of experience working in an Information Security role.
* Knowledge of cloud DevSecOps, scripting, and automation for containerized applications.
* Minimum 3 years of experience securing cloud and containerized applications is required.
* Minimum 2 years of experience working with large, complex networks and systems.
* Security+, CISSP, CCSK, CCSP or equivalents.

Job Skills and Knowledge:

* Experience in a hands-on role setting up and supporting cloud based internal and customer facing applications, using ISO 27001, PCI, and/or NIST security standards.
* Subject matter expert on leading multiple cyber security projects.
* In depth knowledge and understanding of Intrusion Prevention Systems, Firewalls, and associated best practices for securing internet facing databases as well as communication between the Internet, multiple DMZ's, and cloud based services.
* Hands-on experience administering, securing and working with O365, AWS, and GCP servers, and containerized applications at scale.
* In depth knowledge of cloud security and design of security on large scale applications supporting high throughput dynamic loads.
* Understanding of Database security a plus.
* Programming/scripting experience as related to security automation.
* Ideal candidate will have an intimate understanding of technology and be motivated to constantly learn new technologies.
* Knowledge of vulnerability scanning and/or internal penetration testing.
* PCI/PII/GDPR rules, and compliance.
* Excellent organizational and analytical skills.

What you get in return:

Beyond working with such a great team?

* An exciting environment with real growth
* Contribute to exciting products used by a highly passionate user base
* Personal learning and development opportunities
* 401K plan with company match
* 100% coverage of health insurance premiums

There's more, but we don't want to go on and on!

FanDuel is an equal opportunities employer. Diversity and inclusion in FanDuel means that we respect and value everyone as individuals. We don't tolerate bias, judgment or harassment. Our focus is on developing employees so that they reach their full potential.