Security Engineer, Principal
We are seeking a Security Engineer to own the end to end security of the Kinvey platform. This includes multiple layers – underlying cloud infrastructure, application layer, and the platform layer consumed by customers as a multi-tenant platform. In addition, this role would influence security of the mobile SDK and the enterprise connectivity feature.
As a Security Engineer at Kinvey you will be a key resource that helps exceed compliance standards such as HIPAA and HITRUST by translating requirements into tangible process and product improvements. You will also be the main liaison with corporate compliance on GDPR and SOC 2.
The ideal candidate would be a hands-on security expert who is capable of implementing many of the improvements they recommend, by contributing to application and infrastructure-as-code codebases. You will have the opportunity to influence development and operational process, select tools and vendors to perform security testing, and foster security innovation at the product level.
- Security SME on engineering architecture reviews
- Threat modelling across the entire stack and tenancy options
- Recommend augmentations of the development process to enhance security at an early stage
- Participate in audits
- Lead security incidents
- Help create whitepapers on Kinvey security
- Own 3rd party security tooling and vendor selection for penetration testing, white-box testing, continuous network scans, static code analysis, dependency vulnerabilities, intrusion detection/prevention
- Design and help implement access framework for dev team, including ssh infrastructure and IAM policy
- BS degree in computer science or equivalent practical experience.
- Experience in applications security, cryptography, network security, systems security or malware analysis.
- Willingness and ability to grow into the above mentioned responsibilities
- Understanding of IaaS security features – VPC, Security groups, KMS, IAM
- Understanding of TLS, VPN, SSO, OWASP recommendations
- MS or PhD degree in computer science.
- 4 years of experience in a similar hands-on security role in a PaaS or SaaS company