Original listing text, shown exactly as published by the company.
About the Role
This position is a working leader reporting to the security manager, responsible for creating a collaborative environment between Kong Inc. Security and all impacted business/engineering teams by working together on effective incident detection, response, recovery, identification, and protection. Stakeholder management and clear thinking under pressure are critical requirements for the role, together with a strong passion for Cyber Security and its ability to make a real difference in protecting customers, partners and employees.
You'll work with the company's leadership team and a cross-functional team of skilled engineers from various backgrounds, all working with a singular focus on maintaining our customers' trust. You'll be exposed to the reality of how Kong functions on a technical and process level and will build a comprehensive base of knowledge around how it all works together. In doing so, you'll play a role in keeping Kong secure and compliant, bringing security to our company's forefront.
What you’ll be doing
- Execute, develop and document incident handling guides and processes for Kong.
- Prioritize events using existing tools to correlate data, reduce false positives and detect threats.
- Analyze and tune security alerts and interpret events, as well as create new signals based on signatures and behavioral activities.
- Respond to security incidents and perform forensics on IT systems as necessary.
- Guide/lead mitigation strategies for identified vulnerabilities and threats.
- Design, automate and maintain a portfolio of security alerts, automated actions, and escalation workflows supporting a high-performing 24/7 incident response capability.
- Conduct threat hunting activities, anticipate future threats, and maintain forward-thinking strategies for tools/technology/processes that combat sophisticated threat actors.
- Assist with implementation of counter-measures or mitigating controls.
- Develop and maintain Incident Response capabilities in public cloud environments.
- Prepare incident reports of analysis methodology and results.
- Recognize potential, successful, and unsuccessful intrusion attempts and compromises through thorough reviews and analyses of relevant event detail and summary information.
- Partner with key stakeholders and communicate effectively to improve the feedback loop across preparation, identification, analysis, containment, and post-mortem activities.
- Develop monthly reporting dashboards and metrics on incidents and response capabilities.
- Prepare executive summaries and conduct briefings on significant investigations.
What you’ll bring
- Experience in crisis management, specifically in preventing incidents from becoming a crisis.
- Insight into using incidents as opportunities to drive innovation, situational awareness, and fixes.
- Passion for automation, delegation, and scalability via playbooks and highly effective processes.
- Drive for automating processes and workflows to detect, contain and eliminate active malicious agents.
- Expertise in building and operating security information/event management systems (SIEM), centralized logging, and enrichment solutions (Endpoint protection/detection, Panther, Crowdstrike, AWS Security Hub, codebase infrastructure, build infrastructure).
- Practical experience working with cloud technologies; ability to build and deploy a solution using Terraform.
- Experience building and deploying solutions with Ansible and Terraform.
- Competency in Linux and Windows.
- Ability to automate workflows using Python or JavaScript.
#LI-BR2