Senior Security Engineer - Application Security

We’re defining what it means to build and deliver the most extraordinary sports and entertainment experiences. Our global team is trailblazing new markets, developing cutting-edge products, and shaping the future of responsible gaming.

Here, “impossible” isn’t part of our vocabulary. You’ll face some of the toughest but most rewarding challenges of your career. They’re worth it. Channeling your inner grit will accelerate your growth, help us win as a team, and create unforgettable moments for our customers.

The Crown Is Yours

As a Senior Security Engineer, you'll collaborate closely with Engineering teams to drive and evolve our web application firewall and application security programs. In this role, you'll focus on advancing the security of our web application firewall controls, overseeing comprehensive web and mobile application security, and proactively identifying and mitigating emerging threats. Your work will be instrumental in shaping our security strategies and contributing to the continuous growth and resilience of our technology infrastructure.

What you'll do as a Senior Security Engineer:

• Integrate security into the SDLC process, conducting SAST, DAST, and Secure Code Reviews throughout all development phases.

• Manage and enhance security for the CDN and WAF, including DoS/DDoS mitigation, credential-stuffing prevention, and overall cloud security posture improvement.

• Perform and oversee security reviews for Android and iOS applications, including vulnerability research, reproduction, and remediation.

• Secure our production workloads, including containers and container orchestration systems like Kubernetes.

• Participate in periodic off-hours escalation rotations for application security.

What you'll bring

• At least 5 years of experience in running Application Security program including SAST, DAST, DevOps practices, and integrating security inside CI/CD pipeline.

• Ability to secure DevOps platforms such as Terraform, Jenkins, Artifactory, Octopus Deploy, and container technologies like Docker, Kubernetes, and their cloud-managed counterparts (AWS EKS, GCP GKE).

• Experience and knowledge managing CDN, WAF, DDoS, password spraying, and bot prevention technologies (e.g., Akamai botman, Fastly, Cloudflare)

• Proficient in working with developers to remediate web and mobile application security vulnerabilities on Web, iOS, and Android platforms.

#LI-BF1

Join Our Team

We’re a publicly traded (NASDAQ: DKNG) technology company headquartered in Boston. As a regulated gaming company, you may be required to obtain a gaming license issued by the appropriate state agency as a condition of employment. Don’t worry, we’ll guide you through the process if this is relevant to your role.

The US base salary range for this full-time position is 110,200.00 USD - 137,800.00 USD, plus bonus, equity, and benefits as applicable. Our ranges are determined by role, level, and location. The compensation information displayed on each job posting reflects the range for new hire pay rates for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific pay range and how that was determined during the hiring process. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.