Sr. Cloud Security Engineer
Lead the design, implementation, and continuous improvement of the KBXT Cloud Platform identity and security program by developing capabilities and providing experienced guidance pertaining to development of secure, cloud-based, multi-tenant application and data services. Partner with product and architecture teams to educate, evangelize, and validate secure development practices. Be accountable for securing enterprise information by identifying network and application security requirements and by planning, implementing, and testing security controls and procedures. Build knowledge across the team in how to better secure, monitor, and respond to cybersecurity threats and incidents across our environment. Provide Identity and Access Management (IAM) technical direction and strategy, ensuring that identity & access solutions are delivered effectively and efficiently and produce the desired business value and security outcomes. Collaborate with the KBXT Platform Strategy team to establish the strategic IAM and security capabilities for the entire lifecycle of our application and data services.
What You Will Do In Your Role
- Work closely with KBXT architects and engineers to identify and mitigate risks, perform security reviews, design top-tier security practices, and help ensure delivery of secure technology products.
- Support a “security first” advocacy and encourage platform solutions that enable technology product teams to “shift left” with vulnerability identification and resolution.
- Influence technology projects by representing risks and identifying mitigation opportunities.
- Propose, design, plan and execute strategic and tactical operational security objectives.
- Perform analysis and develop metrics that measure current risk and effectively evaluate and manage threats.
- Evaluate and recommend threat intelligence and vulnerability management options.
- Analyze threats and current security controls to identify gaps in current defensive posture.
- Work with the Koch compliance and security teams, and the KBXT test automation team to automate vulnerability and pen testing.
- Review security test results from vulnerability scans and penetration testing for true positives, and propose appropriate remediation measures or mitigation controls.
- Advise on secure architecture/design, attack surface area reduction, least privileged design, threat mitigations, and security standard methodologies.
- Build, maintain, and enforce application security development policies, procedures & standards.
- Maintain current knowledge of security threats and vulnerabilities that could impact products and their technology stack components and help product teams identify solutions that meet security requirements.
- Evaluate and operationalize security tools by integrating with the development environment and commit/build pipelines.
- Ensure KBXT technology policies, standards, and processes are designed in a way that aligns with the KBXT vision.
- Produce and maintain documentation to support solutions that you have developed/deployed to aid in the support of the solution.
- Perform configuration management, review, and governance of cloud resources, identity and access management (IAM), etc.
- Automate our operational processes as needed, with accuracy and in compliance with our Cyber Security standards.
- On-call rotation support for level 2 support issues.
The Experience You Will Bring
- 7+ years’ experience in various roles within application development, information security and web application security architecture/best practices
- 3+ years of experience architecting, designing, and deploying solutions on AWS. Proven implementation of cloud security models, particularly identity, network, and encryption
- 3+ years’ experience designing systems that include customer identity features such as customer registration and/or social identity, authentication, authorization, and customer self-service
- Technology product security architecture and engineering experience. Understanding of security vulnerabilities and attacks and the ability to mitigate them
- Experience with Identity and Access Management concepts such as authentication, authorization, application security, privacy and consent management, regulatory compliance, multi-factor authentication, federation, and risk management
- Experience with identity lifecycle management and federation technologies such as SAML, OAuth, OpenID Connect, or similar
- Experience with customer identity and access management platforms such as Auth0, Okta, Ping, or similar
- Experience conducting Source Code reviews and educating development teams on best practices
- At least 2 years’ experience managing Kubernetes/Docker environments
- Experience with DevSecOps pipelines, CI/CD concepts, infrastructure-as-code, and automation technologies
- Experience working in Agile/Scrum teams and proficient in Continuous Integration and Continuous Delivery
What Will Put You Ahead
- A Degree in Computer Science or Engineering
- AWS Certified Solutions Architect Professional certification
- AWS Certified Security – Specialty certification
- Experience as part of a DevOps team building security into automated deployments
- Experience with vulnerability management and penetration testing systems, tools, practices, and procedures
- Experience in security frameworks, such as ISO/IEC 27001, NIST 800-53 or OWASP
- Knowledge of host hardening, auditing, logging and monitoring, network security, SIEM deployments, security analytics, anomaly detection, PKI
- Experience conducting application penetration tests on various platforms. Experience implementing software security testing tools
- Working knowledge of C# .NET Core language
- Experience with Microsoft Azure DevOps for source control and Agile process
- Experience with relational databases is a plus (PostgreSQL, MSSQL)
- Experience with Datadog for monitoring and application integrations
Salary and Benefits Commensurate with Experience.
Equal Opportunity Employer.
Except where prohibited by state law, all offers of employment are conditioned upon successfully passing a drug test.
This employer uses E-Verify. Please visit the following website for additional information: www.kochcareers.com/doc/Everify.pdf
This role is eligible for variable pay based on performance and other related factors. Variable pay may be issued as a monetary bonus or in another form.
Employees may be eligible to participate in our benefits programs, which include: medical, dental, vision, flexible spending accounts and health savings accounts, life insurance, AD&D, disability, retirement, paid vacation, paid parental leave and educational assistance. Specific eligibility criteria are set by the applicable Summary Plan Description, policy or guideline.
For this position we anticipate paying $135,000 to $180,000 per year.