Staff Product Security Engineer

About The Position

Requirements

• Extensive security engineering experience with broad and deep expertise across multiple security practices.
• A demonstrated track record of defining and delivering multi-year security strategy in ambiguous, fast-moving environments.
• Proven expertise in AI/LLM security architecture, including the threat landscape, the mitigation patterns, and the governance models that make AI adoption safe at scale.
• Experience leading threat modeling, penetration testing, and risk assessment programs at scale, including evolving methodology and personally leading high-stakes engagements.
• Experience working within or strategically evolving a bug bounty or vulnerability disclosure program (HackerOne or similar) and closing the loop between external findings and material change.
• A track record of maturing vulnerability and risk management programs, including the data, systems, and reporting capabilities that support leadership decision-making.
• A track record of building automation and tooling that scales security capabilities and reduces toil.
• Deep familiarity with modern cloud infrastructure (AWS, GCP, or Azure), CI/CD pipelines, and software development environments at scale.
• Deep experience building and scaling reusable security patterns and assets across an engineering organization.
• Strong coding skills in at least one modern programming language (Python, Go, or similar).
• Solid command of industry frameworks (NIST, ISO 27001, OWASP, MITRE ATT&CK, SOC 2) and a pragmatic view on how and when to apply them.
• Experience mentoring senior engineers and shaping technical culture across an organization.

Responsibilities

• Define the multi-year vision and strategy for how Product Security engages with engineering, and set the standards that make secure design the path of least resistance across FanDuel.
• Partner with leadership across the business to shape direction, work through trade-offs, and make sure security is a first-class input into our engineering strategy.
• Set the direction for AI/LLM security architecture across FanDuel by defining the controls, patterns, assessment frameworks, and governance models that let us ship AI-powered products safely and at speed.
• Evolve the methodology behind our threat modeling, penetration testing, and risk assessment programs, and lead the highest-stakes engagements yourself.
• Evolve our HackerOne bug bounty and vulnerability disclosure programs, ensuring external findings feed back into systemic improvements
• Build automation and tooling that shifts our efforts into scalable, repeatable, build-secure-by-default systems.
• Lead and evolve the Security Champions program, embedding security judgment across every engineering team at FanDuel.
• Drive the continued maturation of our vulnerability and risk management program, including its data, systems, and reporting capabilities.
• Own and maintain a library of reusable security reference architectures and design patterns, keeping it current with the technology landscape and evolving threat environment.
• Mentor other engineers, shape technical culture, and help grow the next generation of security leaders across the organization.
• Adapt your role to fill technical or organizational gaps as the program evolves.
• Other duties as required.

Benefits

• Health plans
• Fertility and family planning programs
• Mental health support
• Fitness benefits
• Generous paid time off (PTO & sick leave)
• Annual bonus
• Long-term incentive opportunities
• 401k with up to a 5% match
• Commuter benefits
• Pet insurance
• Medical insurance
• Vision insurance
• Dental insurance
• Life insurance
• Disability insurance
• 401(k) matching program
• Paid personal time off
• 14 paid company holidays
• Paid sick time