Senior Security Engineer - DevSecOps
About The Position
At PrizePicks, we are the fastest-growing sports company in North America, as recognized by Inc. 5000. As the leading platform for Daily Fantasy Sports, we cover a diverse range of sports leagues, including the NFL, NBA, and Esports titles like League of Legends and Counter-Strike. Our team of over 450 employees thrives in an inclusive culture that values individuals from diverse backgrounds, regardless of their level of sports fandom. Ready to reimagine the DFS industry together? Our Security team works in Engineering on the Infrastructure team to further develop our security practices, write and implement security policies, advise on best practices while implementing tooling to protect the company and our remarkable customers.
Requirements
- 5+ years in DevSecOps, Security Engineering, or similar roles.
- Expertise with cloud platforms (GCP, AWS, Azure) and container orchestration (e.g., Kubernetes, ECS).
- Experience with cloud and container security tooling.
- Strong understanding of WAFs, bot mitigation, API gateways, and CDN security features.
- Proven experience performing secure design and architecture reviews.
- Proficiency with IaC tools (Terraform, OpenTofu, Helm, etc.) and integrating security scanners into pipelines.
Nice To Haves
- Extensive hands-on experience with Terraform, OpenTofu, and/or Crossplane.
- Experience with CrowdStrike.
- Solid understanding of CI/CD principles and experience with GitHub Actions and ArgoCD.
- Solid understanding of networking principles (e.g., VPCs, load balancing, firewalls) in a cloud environment.
- Knowledge of database management (SQL and NoSQL).
- Relevant certifications (e.g., Kubernetes and Cloud Native Security Associate, Certified Kubernetes Security Specialist, Google Professional Cloud Security Engineer, AWS Certified DevOps Engineer, AWS Certified Security - Specialty, Certified Kubernetes Administrator).
Responsibilities
- Manage and maintain edge and bot protection (e.g., WAF, CDN, DDoS mitigation).
- Perform security-focused infrastructure reviews for new product releases and architectural changes.
- Implement and maintain monitoring and alerting tools to detect cloud and container-related vulnerabilities and misconfigurations.
- Collaborate with DevOps and Engineering teams to embed security into CI/CD pipelines and deployment processes without slowing down delivery.
- Partner with Application Security and Engineering to implement security controls on opportunities identified during Threat Modeling.
- Lead initiatives around infrastructure-as-code (IaC) security and runtime protection to automate security controls and hardening.
- Assist with threat modeling, risk assessments, and provide security guidance during the development lifecycle.
- Collaborate with incident response teams, offering expert advice on cloud-related security issues to help resolve incidents quickly.
- Develop tooling or automation to support proactive remediation and continuous security validation.
- Track and report DevSecOps KPIs, such as mean time to remediate, security control coverage, and vulnerability trends.
Benefits
- Company-subsidized medical, dental, & vision plans
- 401(k) plan with company match
- Annual bonus
- Flexible PTO to encourage a healthy work/life balance (2 weeks STRONGLY encouraged!)
- Generous paid leave programs, including 16-week paid parental leave and disability benefits
- Workplace flexibility and modern work schedules focused on getting the job done, not hours clocked
- Company-wide in-person events and team outings
- Lifestyle enhancement program
- Company equipment provided (Windows & Mac options)
- Annual performance reviews with opportunities for growth and career development
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
