DraftKings is hiring a

Security Engineer

Boston, United States

Founded in 2012, DraftKings offers players the opportunity to compete through web and mobile in 1-day or 1-week fantasy sports contests for real cash prizes.  We have cemented the foundation of the rapidly evolving Daily Fantasy Sports (DFS) market.  With offices in Boston, New York, and London we bring first-class experiences and the industry's biggest contests to our players.  We’ve acquired millions of users competing in tens of thousands of contests a week coining performance phrases along the way.  Ever heard of a Gronk?  That’s when our usage “spikes” into the seven figures of concurrent users per minute. Be a part of our success story and engineer an industry.

Reporting to the Director of Technical Operations, the TechOps Security Engineer performs specialized and complex information security “white-hat” analysis work.​ The position works closely with the DevOps & Product Engineering teams to solve technical problems involving security scan findings & remediations, application security implementation, infrastructure security changes and software architecture security.​

Role Responsibilities

  • White Hat ethical hacking of our systems
  • Evaluate and improve our code in-transit and at-rest encryption solutions for existing and new services in our SaaS cloud environment.
  • Design and implement Security Automation tools for testing, monitoring, and reporting
  • Manage all 3rd party security vulnerability scans and remediation of found risks.
  • Lead and champion threat modeling and other security design and review efforts
  • Experience with applied cryptography including PKI, SSL, key management, SSH identities
  • Understand, use, and champion application security best practices
  • Always be looking for better, more efficient security monitoring and mitigation tools.
  • Help automate enforcement of PCI and ISO 27001 requirements in our environments.
  • Strong troubleshooting skills

Minimum Requirements of the DevOps Security Engineer

  • BS, MS in Computer Science / Engineering or equivalent
  • Substantial cyber security technical experience in Software Development
  • Strong understanding of Linux, Windows and TCP/IP fundamentals
  • Experience with – PCI compliant environments, Splunk, Rapid7, Web App Firewalls, Akamai security offerings, AWS IAM Policies and Incident response processes.
  • Object-oriented programming experience in Python, Ruby, C# etc.
  • Experience with Amazon Web Services, Terraform, Cloudformation or other AWS automation tools is highly preferred.
  • Strong understanding of UDP, TCP protocols
  • Strong knowledge of large-scale internet service architecture.
  • Knowledge of and conversant with NIST80053/​66, OWASP