Mid-Level

Director, Threat Detection & Response

FanDuel

Compensation

$228,000 - $299,250/year

New York City
Hybrid
Posted April 20, 2026

Job Description

THE POSITION
Our roster has an opening with your name on it

FanDuel is looking for a Director of Threat Detection & Response who sits at the intersection of deep engineering expertise and executive-level leadership. You’ll own the teams and programs responsible for keeping FanDuel’s platforms, data, and customers safe — and you’ll build the operational maturity to scale with one of the fastest-growing companies in sports gaming.

This is a highly visible, senior leadership role spanning four critical security domains: Security Operations Engineering, Detection Engineering, Threat Intelligence, and Vulnerability Management. You’ll define strategy, lead high-performing teams, and partner cross-functionally with Product, Fraud, and Customer Operations to translate risk signals into clear, decisive action.

We’re looking for someone who came up through the technical ranks — who has built detection systems, run incident response, and understands what makes security engineering excellent — and who is now equally effective advising executives and operating at board-room scale. If you’re energized by ownership, ambiguity, and building something that truly matters, this is your role.

In addition to the specific responsibilities outlined above, employees may be required to perform other such duties as assigned by the Company. This ensures operational flexibility and allows the Company to meet evolving business needs.

THE GAME PLAN
Everyone on our team has a part to play

Four pillars. One mission: detect, respond, and reduce risk with precision.

  • Security Operations Engineering — The operational backbone. You’ll lead the team responsible for real-time monitoring, alert triage, incident response, and the tooling that keeps our security posture sharp and responsive 24/7.
  • Detection Engineering — The engineering discipline at the core of how we find threats. Your team designs, builds, and continuously improves detection logic, SIEM content, behavioral analytics, and automated response workflows — grounded in threat intelligence and adversary emulation.
  • Threat Intelligence — The signal that drives everything else. You’ll build and mature a threat intelligence capability that feeds detection, informs response, and gives FanDuel early visibility into adversaries, TTPs, and emerging risks most relevant to our business and customers.
  • Vulnerability Management — A growing capability you’ll help shape. You’ll work closely with partner teams to bring engineering rigor and strategic coherence to how FanDuel identifies, prioritizes, and reduces exposure — building the connective tissue between threat intelligence, detection, and risk reduction at scale.
  • Lead and scale high-performing teams across Security Operations Engineering, Detection Engineering, Threat Intelligence, and Vulnerability Management — including senior managers and staff-level ICs.
  • Define and drive a unified security operations strategy that aligns detection, response, intelligence, and risk reduction into a coherent, outcome-driven program.
  • Build and mature engineering-led capabilities: SIEM/SOAR platforms, detection-as-code practices, behavioral analytics, threat intel pipelines, and automated response playbooks.
  • Apply adversary-centric frameworks — MITRE ATT&CK, threat modeling, adversary emulation — to continuously evolve coverage, reduce dwell time, and improve detection fidelity.
  • Partner closely with Fraud, Product, and Customer Operations to align on shared threat surfaces, incident response coordination, and risk signal sharing across the business.
  • Develop and mentor senior managers and ICs; build a culture of technical excellence, psychological safety, and clear accountability.
  • Communicate operational risk, security posture, and program outcomes to executive leadership with precision — translating signals into decisions, not noise.
  • Define and deliver OKRs anchored in engineering output and risk reduction: detection coverage expansion, automation containment rates, signal precision, and detection-as-code deployment velocity — not analyst throughput or ticket volume.
  • Champion an AI-first approach to security operations — integrating automation, ML-driven detection, and intelligent triage to compound the team’s impact without linearly compounding headcount.
  • Drive continuous improvement in process, tooling, coverage, and incident readiness — including post-incident reviews that produce measurable program changes, not just documentation.