Defining what it means to build and deliver the most extraordinary sports & entertainment experiences.The Crown is Yours
Staff Security Engineer, AI
Location
Massachusetts
Posted
2 days ago
Salary
$160.7K - $200.9K / year
Seniority
Lead
Job Description
Staff Security Engineer, AI
DraftKings Inc.
• Set the security standards and guardrails for the AI platform. • Define the principles, reference architectures, and policy-as-code that all AI tooling at DraftKings adheres to, so that many teams can build agents and workflows while still meeting a consistent security bar. • Focus on specifying the environment, infrastructure, and authentication methods agents rely on, rather than reviewing every individual implementation. • Review and build the architecture of AI gateways and tooling. • Provide security review, sign-off, and possibly pair on implementation of these systems, and the systems that they interface with. • Make the security review process scale. • Streamline how AI services move through InfoSec review on their way to production, so the bar stays high but does not become the bottleneck. • Reduce AI-driven security noise. • Partner with platform and detection teams on telemetry (tool-call metrics, auditing agents over that data) and on lightweight controls like standardized system prompts that cut unnecessary investigations without slowing engineers down. • Drive remediation efforts of complex, cross-functional security issues. When relevant, you’ll be called into investigations to assist. • Coach and raise the bar. Mentor security and platform engineers, lead technical and SME discussions on AI security, and elevate the team's overall capability in this space.
Job Requirements
- 7+ years experience in engineering - building and operating systems in production.
- 5+ years experience contributing and advising on security design.
- Broad security fluency across infrastructure and enterprise security - endpoint protection, network security, identity, SaaS tools, and cloud security - even if your deepest expertise is in application and product security.
- Deep hands-on ability to debug systems issues.
- Experience writing high quality code in a typed and untyped programming language.
- Excellent collaboration and communication skills — you can align engineering, platform, privacy, legal, and leadership stakeholders, and you bias toward enabling teams rather than blocking them.
- Ability to manage competing priorities and thrive in a fast-paced, dynamic environment.
Benefits
- bonuses
- equity
- benefits as applicable
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
VP, Security & Compliance
DynataThe world’s largest first-party data company for insights, activation & measurement
• Own Dynata's enterprise security strategy — define the roadmap, prioritize investment, and align security controls with business objectives across cloud, corporate applications, and data platforms. • Establish and maintain a Zero Trust security architecture spanning AWS, Azure, and GCP environments. • Oversee threat intelligence, vulnerability management, and incident response programs. • Manage Dynata's Security Operations Center (SOC) — including 24/7 monitoring coverage, alert triage, escalation protocols, and continuous improvement of detection and response capabilities.
Senior Security & Risk Management Specialist
Reinsurance Group of America, IncorporatedTrusted Partner. Proven Results.
• Act as strategic bridge between technical security controls and enterprise compliance • Automate, design, configure, and sustain scalable IRM capabilities • Translate regulatory, risk, audit, and compliance requirements into platform configurations • Monitor and evaluate control, regulatory, and security processes • Collaborate with compliance, security, and risk professionals on related projects • Develop and administer training and awareness campaigns • Facilitate incoming audits and assessments • Participate in the development of policies, standards, controls, and procedures
Role Description The Director of Security is responsible for designing, implementing, and leading a comprehensive physical security program for a multi-site corporate environment, with alignment and collaboration with Information Security for corporate offices and critical spaces. The primary focus is protecting employees, executives, facilities, and physical assets through robust policies, technologies, and daily operational practices, while partnering with IT to safeguard systems housed in corporate spaces. Essential Functions - Design, implement, and oversee physical security systems for offices and campuses, including access control, CCTV, intrusion detection, duress systems, and visitor management platforms. - Participate in the development and implementation of the enterprise security architecture and supporting security standards to ensure compliance with corporate policies, and relevant legislative and regulatory requirements. - Manage the day-to-day activities of the team to include the hiring and training of new team members, coaching employees and monitoring performance. - Review and determine risks within the environment and recommend security products and/or processes to assist in mitigating risks. - Monitor information systems for security incidents and vulnerabilities including the development of monitoring and visibility capabilities, report on incidents, vulnerabilities, and trends. - Respond to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches including interacting and collaborating with third-party incident responders. - Administer authentication and access controls, including provisioning, changes, and deprovisioning of user and system accounts, security/access roles, and access permissions to information assets. - Analyze trends, news and changes in threat and compliance environment with respect to organizational risk and advise management and develop and execute plans for compliance and mitigation of risk. - Perform risk and compliance self-assessments and engages and coordinates third-party risk and compliance assessments. - Perform comprehensive threat/risk assessments and business impact analysis of current system, data, application and technology environments to determine possible internal and external threats to information assets and identify security measures required to counter such threats. - Create, edit and adhere to Standard Operating Procedures (SOPs), process improvements, and standardization of templates. - Perform ad-hoc and cross-functional duties and/or projects assigned to support business needs and provide developmental opportunities. Qualifications - Bachelor’s degree in information technology or related field with 10+ years of industry related experience is required; OR High School Diploma with 14+ years of industry related experience is required. - 10+ years of experience with computer hardware for storage, desktops, and servers is required. - 10+ years of experience with Routers, Firewalls, Switches, DNS, and DHCP is required. - 10+ years of experience with access control systems, CCTV including installation, configuration, and best practices are required. Knowledge, Skills, & Abilities - Knowledge of data analysis, correlation, anomaly detection, and threat hunting (red, purple, blue team). - Strong knowledge of security best practices. - Deep understanding of information security best practices. - Knowledge of basic computer hardware for both desktops and servers. - Knowledge of Palo Alto or Cisco firewall technologies. - Knowledge of Routers, Firewalls, Switches, DNS, and DHCP. - Strong understanding of TCP/IP, subnetting, routing, access control lists, firewalls, Site-to-Site and Client VPN, NAT and network traffic analysis, and edge configurations. - Strong Knowledge of routing protocols such as OSPF, BGP and static routes. - Ability to work in a dynamic and demanding environment and make decisions quickly. Working Environment / Physical Environment - The position will work onsite or remote based on the candidate’s geographic location. - Regular work schedule is Monday – Friday, within standard business hours. Flexibility is available with manager approval. - Must possess mobility to work in a standard office setting and to use standard office equipment, including a computer. - Lift and carry materials weighing up to 20 pounds. Benefits - Medical, Dental and Vision Plan Options. - Health and Financial Wellness Programs. - Employer Assistance Program (EAP). - Company Paid and Voluntary Life/AD&D, Short-Term and Long-Term Disability. - Healthcare and Dependent Care Flexible Spending Accounts. - 401(k) Retirement Plan with Company Match. - 529 Education Savings Program. - Voluntary Legal Services, Identity Theft Protection, Pet Insurance and Employee Discounts, Rewards and Perks. - Paid Time Off (PTO) includes: 11 Holidays. - Exempt Employees are eligible for Unlimited PTO. - Non-Exempt Employees are eligible for 10 Vacation Days, 56 Hours of Health Pay, 2 Personal Days and 1 Cultural Day.
Senior Cyber Security Specialist
ICFWe are not a typical consulting firm and our people are not typical consultants.
Role Description ICF is seeking a Senior Cyber Security Specialist to support a secure federal ServiceNow program with multiple mission workstreams. This role is responsible for helping maintain the security posture of the platform and supporting the security activities that keep development, testing, release, and sustainment efforts aligned to federal cybersecurity requirements. The ideal candidate is an experienced security professional who can work across infrastructure, application, data, and development teams to support vulnerability management, access control, system authorization, and continuous monitoring. You will help ensure security is built into the lifecycle of the solution, not added after the fact, while also supporting operational workflows, release readiness, and compliance tracking in a fast-paced Agile environment. Job Location: - Remote work is authorized. - Must support US Eastern time zone working hours. - Preference to candidates who live in the Washington DC metro area. If you accept this position, you should note that ICF does monitor employee work locations, blocks access from foreign locations/foreign IP addresses, and prohibits personal VPN connections. What You Will Do - Support the security posture of enterprise ServiceNow systems and related applications. - Assist with security governance, system authorization, and continuous monitoring activities. - Develop, maintain, and update security documentation and artifacts such as SSPs, POA&Ms, risk registers, and related compliance materials. - Support ATO efforts, security assessments, evidence gathering, and control validation. - Track and remediate vulnerabilities, scan findings, and security issues through closure. - Coordinate with developers, administrators, testers, and program stakeholders to ensure security findings are understood and addressed. - Support access control reviews, role-based permissions, least-privilege practices, and secure user administration. - Help evaluate security implications of workflow changes, data integrations, releases, and configuration updates. - Support audit preparation, findings response, and ongoing compliance reporting. - Monitor and document security process changes, configuration updates, and remediation actions. - Contribute to secure release practices, including validation of fixes and scan remediation before deployment. - Support incident and issue triage from a security perspective when needed. Qualifications - Must be a U.S. citizen and possess an active Top Secret security clearance, as required by the federal contract. - Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related field. - 6+ years of relevant experience in information security, cybersecurity, or system security roles. - 6+ years of experience supporting federal security frameworks such as FISMA, NIST RMF, or similar. Requirements - 4+ years of experience supporting ATO processes, security documentation, and continuous monitoring. - 4+ years of experience with vulnerability management, security scanning tools, or remediation workflows. - 3+ years of experience conducting risk assessments, security analysis, or compliance reviews. - 3+ years of experience supporting cloud or enterprise system security. - Experience supporting federal ServiceNow environments or other enterprise workflow platforms. - Familiarity with RMF artifacts, ATO packages, POA&M tracking, and continuous monitoring programs. - Experience with identity and access management, role governance, or least-privilege design. - Experience supporting secure release practices, scan remediation, or DevSecOps workflows. - Familiarity with vulnerability tools, static/dynamic analysis, or cloud security controls. - Experience supporting audit response, corrective action tracking, or security governance meetings. - Relevant cybersecurity certification such as Security+, CISSP, or equivalent. Professional Skills - Demonstrated ability to communicate security issues clearly to technical and non-technical stakeholders. - Strong organizational skills and attention to detail for compliance tracking and evidence management. Pay Range The pay range for this position based on full-time employment is: $89,649.00 - $152,404.00.




