Senior Cloud and AppSec Engineer

We're defining what it means to build and deliver the most extraordinary sports and entertainment experiences. Our global team is trailblazing new markets, developing cutting-edge products, and shaping the future of responsible gaming.
Here, "impossible" isn't part of our vocabulary. You'll face some of the toughest but most rewarding challenges of your career. They're worth it. Channeling your inner grit will accelerate your growth, help us win as a team, and create unforgettable moments for our customers.
The Crown Is Yours
As a Senior Cloud and Application Security Engineer, you'll collaborate closely with Engineering teams to drive and evolve our Secure SDLC and DevSecOps programs. In this role, you'll focus on advancing the security of our cloud workloads, overseeing comprehensive web and mobile security, and proactively identifying and mitigating emerging threats. Your work will be instrumental in shaping our security strategies and contributing to the continuous growth and resilience of our technology infrastructure.
What you'll do as a Senior Cloud and Application Security Engineer

• Manage and enhance security at the CDN, WAF, and cloud levels (AWS, GCP), including DoS/DDoS mitigation, credential-stuffing prevention, and overall cloud security posture improvement.
• Integrate security into the SDLC process, conducting SAST, DAST, and Secure Code Reviews throughout all development phases.
• Perform and oversee security reviews for Android and iOS applications, including vulnerability research, reproduction, and remediation.
• Conduct comprehensive security testing of mobile application workflows (iPhone and Android), addressing identified security issues.
• Participate in periodic off-hours escalation rotations for application security.

What you'll bring

• At least 5 years of experience in Information Security, with a strong focus on mobile application security testing for Android and iOS platforms.
• Proficiency in CDN, WAF, and bot prevention technologies (e.g., Akamai, Fastly, Cloudflare), as well as cloud service providers AWS and GCP.
• Experience with Cloud Security Posture Management tools such as Wiz, Prisma Cloud, and Lacework, as well as dynamic testing tools like BurpSuite and Zed Attack Proxy (ZAP).
• Expertise in DevOps practices, including CI/CD pipelines and automation tools (e.g., Terraform, Jenkins, Artifactory, Octopus Deploy), and container technologies like Docker, Kubernetes, and their cloud-managed counterparts (AWS EKS, GCP GKE)

#LI-BF1
Join Our Team
We're a publicly traded (NASDAQ: DKNG) technology company headquartered in Boston. As a regulated gaming company, you may be required to obtain a gaming license issued by the appropriate state agency as a condition of employment. Don't worry, we'll guide you through the process if this is relevant to your role.
The US base salary range for this full-time position is 104,000.00 USD - 130,000.00 USD, plus bonus, equity, and benefits as applicable. Our salary ranges are determined by role, level, and location. The compensation information displayed on each job posting reflects the range for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range and how that was determined during the hiring process. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.