Security Engineer Incident Response

Kong Inc

, an industry pioneer in cloud-native solutions, empowers businesses worldwide to innovate and excel in managing their API-driven architectures

With numerous awards for innovation and security solutions, our commitment extends beyond technology to cultivating a workplace that celebrates diversity and fosters inclusion

Join us to be part of a company where your work impacts millions and where every team member is instrumental in driving success

As a Security Engineer specializing in detection and response, you will play a pivotal role in safeguarding Kongs platforms against sophisticated cybersecurity threats

This dynamic position involves directing our Security Incident Response Team (SIRT), enhancing our incident response strategies, and providing mentorship to develop team expertise

Your efforts in evolving our Detection and Response program will be crucial

Through pioneering advanced frameworks, integrating cutting-edge automation, and crafting essential performance metrics, you will lead initiatives that significantly boost our defenses and operational efficiencies

This role offers the unique opportunity to shape the future of cybersecurity in Kong, ensuring robust protection against an ever-changing threat landscape

Your strategic input and leadership will not only defend our systems but also influence the security culture at Kong Inc

, making an indelible impact on our global operations

What Will You Do

Direct our Security Incident Response Team (SIRT), leveraging strategic frameworks, state-of-the-art technologies, and rigorous processes to swiftly identify, manage, and mitigate security incidents

Focus on minimizing the impact of these incidents through effective response and recovery strategies

Engineer sophisticated detection systems and analytics to proactively identify and neutralize threats across diverse environments, including cloud, corporate, and edge infrastructures

Foster strong partnerships with Engineering, Risk Management, Compliance, and other critical departments to ensure security measures are perfectly integrated with the broader business goals and objectives

To strengthen our security infrastructure, we continuously assess, select, and optimize a blend of custom and commercial security tools, including EDR, anti-phishing technologies, and SIEM systems

Craft and refine advanced strategies, create resilient frameworks, and implement process automation to elevate the maturity of our Detection and Response programs

Develop critical metrics to measure effectiveness and drive continuous improvement

Design and maintain comprehensive incident response playbooks and detailed documentation to guide the security team's actions during incidents and ensure consistency in response strategies

Lead proactive threat-hunting initiatives to uncover hidden risks and vulnerabilities

Manage and enhance our security simulation program, including conducting rigorous tabletop exercises to test and improve incident response tactics

Engage actively in on-call rotations, providing expert support and rapid responses to emergent security issues, ensuring 24/7 protection for our operations

Developing the security event simulation program and conducting security event tabletop exercisesOversee and cultivate strategic partnerships with external vendors and Managed Detection and Response (MDR) services, ensuring they align with our security objectives and deliver exceptional support and technology

What We Look For

At Kong Inc

, we value a diversity of voices

The following is not a laundry list, but to be effective in this role, you should possess most of the following and an interest in learning more about the rest:

Expertise in building and operating security information/event management systems (SIEM), including investigating threats, developing metrics and dashboards, normalizing data feeds, and integrating with other tools

Strong understanding of attacker tactics, techniques, and procedures (TTPs) and experience with ?Detection as Code

?

Proven expertise in managing and operating SIEM systems; familiarity with CrowdStrike and LimaCharlie SecOps Cloud Platform preferred

Demonstrated ability to use Tines, the smart, secure workflow builder, to automate processes that detect, contain, and eliminate active malicious agents

This includes designing and implementing automation workflows that enhance our security response capabilities and operational efficiency

Experience in securing, developing detections, and responding to incidents in one major public cloud infrastructure, such as Amazon Web Services (AWS) or Google Cloud Platform (GCP)Experience in effectively leading large and complex security incidents from detection to remediation

Familiarity with modern security frameworks and best practices, such as the MITRE ATT&CK framework and NIST CSFProficiency in one or more general-purpose programming languages such as Python, Ruby, Go, or Rust

Experience with Linux administration at scale, associated intrusion/manipulation techniques, and standard methodologies for system hardening and process isolation

Preferred Qualifications

Experience in building a Detection Engineering Pipeline and leading threat hunts

Published research in detection engineering or threat intelligence

Developed automation to enhance security operations