Incident Response Engineer

at  FanDuel

ABOUT FANDUEL

FanDuel Group ("FanDuel") is an innovative sports-tech entertainment company that is changing the way consumers engage with their favorite sports, teams, and leagues. The premier gaming destination in the United States, FanDuel consists of a portfolio of leading brands across gaming, sports betting, daily fantasy sports, advance-deposit wagering, and TV/media.
FanDuel has a presence across all 50 states with approximately 17 million customers and 28 retail locations. FanDuel is based in New York with offices in New Jersey, Georgia, California, Oregon, Canada and Scotland.
Its networks FanDuel TV and FanDuel+ are broadly distributed on linear cable television and through its relationships with leading direct-to-consumer over-the-top platforms.
FanDuel Group is a subsidiary of Flutter Entertainment plc, the world’s largest sports betting and gaming operator with a portfolio of globally recognized brands and traded on the New York Stock Exchange (NYSE: FLUT).

THE POSITION

Our roster has an opening with your name on it
We are looking for an experienced Incident Response Engineer with a developer mindset. The successful candidate will be responsible for incident response operations with cloud security expertise within the FanDuel Group Security Operations Center. You will write runbooks for existing detections from prior incidents, security assessments, vulnerability scans, and pentests. You will also be responsible for writing new detections that come out of post incident reviews to continuously develop and improve SOC processes, ensuring prompt responses and proper handling of security events to protect our customers, platform, and company.
Collaboration with security engineers, developers, vendors and business units to constantly improve the overall security posture will be the key to success at FanDuel Group. We are One Team and looking for a team player with highly technical skills to continue to drive automation, efficiency, and resiliency to respond swiftly to risks and threats. This role will be collaborating with Enterprise Security, Software Security, and Detection and Automated Response teams to build incident response runbooks to drive high fidelity detections and automated remediation. We are looking for someone who wants the challenge of defending against attackers at scale through the team, our technology, and processes.

THE STATS

What we’re looking for in our next teammate

• Empathetic contributor who has experience operating effectively across teams and disciplines in highly ambiguous and rapidly changing environments and have successfully executed on ambitious projects
• In-depth knowledge of security methodologies , security architectures, security protocols, and industry-standard technologies
• Customer-focused engineer who can communicate effectively with our stakeholders and security teams to help empower decisions and move changes forward, especially during incidents
• Significant experience working in Security with proficiency in Security Information and Event Management (SIEM), Security Orchestration Automation Response (SOAR), Cloud Security, Intrusion Detection/Prevention Systems (IDS/IPS), Web Application Firewalls, and Vulnerability Management and Threat Intelligence applications.
• Proficiency in building log pipelines, parsing logs, and building grok patterns and regex expressions
• Ability to automate security incident playbooks with version-controlled AWS Lambdas, scripts and API enabled tooling
• Experience building detections as code and incorporating feedback loops to enable continue improvement
• Excellent communication skills both verbal and written to help articulate and lead Incident response processes; ability to write about technical subjects to a wide audience for reporting on security incidents in regulated industries
• Bachelor of Science degree in Information Security, Engineering, Computer Science or related field preferred
• At least one of the following certifications with combined experience: CISSP, CEH, GCIH, GCFA, Security+, OSCP
• Security experience with cloud native company expanding across multiple environments from, *nix/Windows operating systems, cloud resources (e.g. AWS, GCP, O365), and customer-facing web applications
• Deep knowledge of attacker methodologies and techniques and corresponding incident response methodologies to detect and protect.

Please refer the Job description for details