Director, Threat Detection & Response

FanDuel
New York, NY
Hybrid

About The Position

FanDuel is seeking a Director of Threat Detection & Response to lead teams and programs responsible for securing FanDuel’s platforms, data, and customers. This senior leadership role requires deep engineering expertise and executive-level leadership, focusing on building operational maturity to scale with the company's rapid growth in sports gaming. The position spans four critical security domains: Security Operations Engineering, Detection Engineering, Threat Intelligence, and Vulnerability Management. The Director will define strategy, lead high-performing teams, and collaborate cross-functionally with Product, Fraud, and Customer Operations to translate risk signals into decisive action. The ideal candidate will have a strong technical background in building detection systems, running incident response, and understanding security engineering excellence, while also being effective in advising executives and operating at a board-room scale. This role offers significant ownership and the opportunity to build something impactful.

Requirements

  • Built and scaled security operations functions — in fast-paced, product-driven environments — and have the outcomes and metrics to show for it.
  • Led multi-functional security organizations, including managers and senior ICs, and know how to cultivate high performance without burning people out.
  • Real engineering depth — in at least one of these domains: detection engineering, security automation, SIEM/SOAR platforms, or threat intelligence — and can credibly engage with your teams at a technical level.
  • Led response to serious security incidents — and your teams come out of them better than they went in — with improved playbooks, tooling, and process to prove it.
  • Strong cross-functional operator — who knows how to partner with engineering, product, and fraud teams to move at the speed a consumer business requires.
  • Turn ambiguity into structure — built programs and frameworks where none existed, and made them stick across a complex organization.
  • Communicate risk in a way that moves people — clear, confident, and grounded in data — whether in a post-incident review or presenting to the C-suite.

Nice To Haves

  • Background in regulated or consumer-facing industries — fintech, gaming, e-commerce, or similar — where speed and trust are equally non-negotiable.
  • Experience building cloud-native detection and security engineering capabilities at scale (AWS, GCP, or Azure environments).
  • Familiarity with adversary simulation, red team operations, or offensive security methodologies — even without direct program ownership.
  • Prior ownership of threat intelligence programs or vulnerability management at an organization with a broad, complex attack surface.
  • A track record of redefining how security effectiveness is measured — with program health framed around engineering throughput, automation coverage, and risk reduction rather than analyst activity.
  • Experience applying AI, ML, or large-scale automation to detection and response — whether building models, integrating intelligent tooling, or rearchitecting how the team triages and contains threats.
  • Experience in high-growth or startup environments where you’ve had to build capability faster than the threat landscape moves.

Responsibilities

  • Lead the team responsible for real-time monitoring, alert triage, incident response, and the tooling that keeps our security posture sharp and responsive 24/7 (Security Operations Engineering).
  • Design, build, and continuously improve detection logic, SIEM content, behavioral analytics, and automated response workflows — grounded in threat intelligence and adversary emulation (Detection Engineering).
  • Build and mature a threat intelligence capability that feeds detection, informs response, and gives FanDuel early visibility into adversaries, TTPs, and emerging risks most relevant to our business and customers (Threat Intelligence).
  • Work closely with partner teams to bring engineering rigor and strategic coherence to how FanDuel identifies, prioritizes, and reduces exposure — building the connective tissue between threat intelligence, detection, and risk reduction at scale (Vulnerability Management).
  • Lead and scale high-performing teams across Security Operations Engineering, Detection Engineering, Threat Intelligence, and Vulnerability Management — including senior managers and staff-level ICs.
  • Define and drive a unified security operations strategy that aligns detection, response, intelligence, and risk reduction into a coherent, outcome-driven program.
  • Build and mature engineering-led capabilities: SIEM/SOAR platforms, detection-as-code practices, behavioral analytics, threat intel pipelines, and automated response playbooks.
  • Apply adversary-centric frameworks — MITRE ATT&CK, threat modeling, adversary emulation — to continuously evolve coverage, reduce dwell time, and improve detection fidelity.
  • Partner closely with Fraud, Product, and Customer Operations to align on shared threat surfaces, incident response coordination, and risk signal sharing across the business.
  • Develop and mentor senior managers and ICs; build a culture of technical excellence, psychological safety, and clear accountability.
  • Communicate operational risk, security posture, and program outcomes to executive leadership with precision — translating signals into decisions, not noise.
  • Define and deliver OKRs anchored in engineering output and risk reduction: detection coverage expansion, automation containment rates, signal precision, and detection-as-code deployment velocity — not analyst throughput or ticket volume.
  • Champion an AI-first approach to security operations — integrating automation, ML-driven detection, and intelligent triage to compound the team’s impact without linearly compounding headcount.
  • Drive continuous improvement in process, tooling, coverage, and incident readiness — including post-incident reviews that produce measurable program changes, not just documentation.
  • Evaluate and evolve the security tooling stack — partnering with vendors and internal engineering teams to ensure capabilities keep pace with the threat landscape and support a code-first operating model.

Benefits

  • Amazing benefits above and beyond the basics.
  • Array of health plans to choose from (some as low as $0 per paycheck).
  • Programs for fertility and family planning.
  • Mental health support.
  • Fitness benefits.
  • Generous paid time off (PTO & sick leave).
  • Annual bonus opportunities (based on performance).
  • Long-term incentive opportunities (based on performance).
  • 401k with up to a 5% match.
  • Commuter benefits.
  • Pet insurance.
  • Medical insurance.
  • Vision insurance.
  • Dental insurance.
  • Life insurance.
  • Disability insurance.
  • Paid personal time off.
  • 14 paid company holidays.
  • Paid sick time.