At DraftKings, AI is becoming an integral part of both our present and future, powering how work gets done today, guiding smarter decisions, and sparking bold ideas. It’s transforming how we enhance customer experiences, streamline operations, and unlock new possibilities. Our teams are energized by innovation and readily embrace emerging technology. We’re not waiting for the future to arrive. We’re shaping it, one bold step at a time. To those who see AI as a driver of progress, come build the future together.

As a Security Analyst I, you will protect our digital infrastructure, including cloud environments, web applications, office and data center networks, and sensitive data, from various cyber threats. In this role, you will be responsible for triaging security events, managing vulnerabilities, coordinating security operations projects, and enhancing our defensive strategies. With access to best of class cybersecurity tools, you'll play a key role in maintaining the integrity and safety of our infrastructure.
 

What you’ll do as a Security Analyst I

Triage cybersecurity alerts as they come in and take necessary remediation or escalation paths. 

Protect our cloud environments, IT environments, web and mobile applications, and office and data center networks in order to maintain operational excellence of DraftKings security posture. 

Perform vulnerability assessments on all corporate systems, including user endpoints, servers, production workloads, and other infrastructure.

Lead small to mid-sized Security Operations projects such as alert tuning, automation, scripting, and coding.

Coordinate with other Draftkings’ teams to manage vulnerabilities and risk.

Test the effectiveness of security measures by participating in pentesting exercises.

Ability to effectively communicate security concepts to stakeholders and recommend risk mitigation steps to the team.

What you’ll bring  

At least 2 years of cybersecurity work experience.

Professional experience triaging alerts from Endpoint Detection and Response (EDR) tools such as CrowdStrike and Microsoft Defender.

Fundamental understanding of public cloud computing platforms like AWS, or GCP and applying that understanding to triaging security alerts from Cloud Detection and Response tools.

Professional experience using incident response procedures and assisting security investigations.

Excellent written and oral communication skills for cross team and vertical collaboration.

Familiarity with vulnerability management platforms such as Rapid7 or Qualys.

Security+, AWS Solutions architect associate, CEH, or CISSP certifications are a plus.

Understanding of vulnerability rating systems such as CVE, CWE, OWASP Top 10.

Experience with programming or scripting languages such as Python or PowerShell.
 

#LI-OK1

We’re a publicly traded (NASDAQ: DKNG) technology company headquartered in Boston. As a regulated gaming company, you may be required to obtain a gaming license issued by the appropriate state agency as a condition of employment. Don’t worry, we’ll guide you through the process if this is relevant to your role.