Security Engineer
Remote
Kensho
Kensho develops cutting-edge products and technologies that transform businesses. We are the AI Innovation Hub for S&P Global.As a security focused engineer at Kensho you are a thoughtful, collaborative, and seasoned technologist who will be working closely with the Infrastructure team to ensure security across a number of systems and web applications. You will help us protect network boundaries, keep systems and network devices against attacks and provide security frameworks and processes to protect confidential data like passwords and client information.
At Kensho, we believe in flexibility-first, and give our employees the opportunity to work from where they feel most productive and engaged (Must be in the United States). We also value in-person collaboration, so there may be times when travel to one of our Kensho hubs (NY/DC/MA) may be required for team meetings or company events on a monthly or quarterly basis.
What You'll Do:
- Design and implement security controls and policies across Kensho and provide oversight to ensure compliance
- Analyze and recommend security practices and tools for engineering teams to incorporate into the software development lifecycle
- Knowledge of e2e application frameworks to execute security reviews and uncover vulnerabilities
- Directly interface with customer infosec teams, lawyers, external security researchers as well as internal partners to ensure that Kensho maintains a best-in-class security envelope
- Design and implement policies for third party vendor screening and dependency management
- Implement procedures to respond to and recover from security incidents
- Monitor Kensho’s networks and systems for potential intrusions and investigate anomalous behavior
- Perform static and dynamic vulnerability assessments of applications using commercial and open source tools such as Fortify, Bandit, WebInspect and OWASP Zap
What We Look For:
- Three or more years of experience as a security engineer
- Experience securing modern web applications and distributed data infrastructure in a cross-team setting
- Strong understanding of cryptography and current best practices
- Experience with penetration testing tools, techniques and methodologies and understanding of common vulnerabilities and remediation strategies
- One or more years experience writing code in Python, Javascript, Java, or GoFamiliarity with core networking concepts and standard protocols such as TCP, UDP, and HTTP
- Prior experience working with enterprise security technologies such as firewalls, IDS/IPS, AntiVirus/EDR, or Security Information and Event Management systems
- Ability to apply risk management tools and methodologies
- Experience conducting or facilitating IT security audits
- Familiarity with security models for cloud providers such as AWS, Azure and GCP
How To Really Grab Our Attention:
- Experience securing services and applications running on Kubernetes
- Experience working with Jenkins, Terraform, LinkerD, Vault, or Okta
- Participation in CTFs or bug bounty programs
- Open source project contributions showing innovation and initiative
- Hedge fund or major financial institution trading experience
- Relevant research, publications, and patents
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Artificial Intelligence Audits AWS Azure C Cloud Compliance Cryptography EDR Firewalls GCP IDS IPS Java JavaScript Kubernetes Machine Learning Open Source OWASP Pentesting Python Risk management Terraform Vulnerabilities
Perks/benefits: Career development Conferences Health care Medical leave Parental leave Pet friendly Startup environment Team events Unlimited paid time off
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Information Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open IDS-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs
- Open IPS-related jobs
- Open CEH-related jobs