Steel Perlot is hiring a

Web3 Head of Engineering Security

Overview

Knox Networks is an open source software platform that supports white label programmable money and digital identity solutions for financial institutions.

The Knox software platform can be used for issuing, authorizing, verifying, executing, transacting, distributing and reporting programmable money between financial institutions and/or consumers as non-account based financial instruments including, but not limited to: digital cash, treasury securities, repurchase agreements, central bank digital currencies and any other cash analogue. Our technology focuses on balancing privacy, scalability and interoperability with various financial standards and payment networks.

Description

As the Head of Engineering Security, you’ll be a part of a globally distributed Security team tackling challenging problems at scale. You will be exposed to a wide range of challenges, from securing service deployments and account permissions, to improving the cloud monitoring and cyber defense visibility capabilities. A successful candidate for this role will not only help identify areas for improvement in Knox’s security posture, but also take initiative to design mitigations and improvements that address gaps in a systematic way.

The position is based in New York, NY or Los Angeles, CA (also open to 100% remote) with full-time salary and benefits.

Key Responsibilities, Prioritized:*

1. Own and strengthen Knox’s Security Strategy and posture
2. Partner with Engineering teams, Infrastructure Teams, Cyber Defense Teams and Security Architecture teams to design and implement effective cloud security controls
3. Leverage AWS native services and other Security tooling to improve Cyber Defense team monitoring and incident response capabilities
4. Implement AWS Security best practices as guided by the AWS Well Architected Framework
5. Design, advocate, and help build secure-by-default infrastructure guardrail that closes off entire classes of security problems.
6. Build integrations for our security event monitoring platform to develop mechanisms to detect and respond to known attacker methodology.
7. Demonstrate leadership by teaching, mentoring, growing cloud security expertise, and setting technical direction and priorities for infrastructure security goals.

Knowledge, Skills, and Abilities

1. Extensive experience and strong understanding of AWS services and cloud security controls including but not limited to such as IAM, KMS, VPC, Security Groups, AWS Inspector, Guard Duty and SCPs
2. Hands-on experience with a diverse range of cloud security technologies, including identity and access management (IAM), web application firewalls, distributed denial of service (DDoS) mitigation, encryption technologies, security information and event management (SIEM), threat and vulnerability management, infrastructure as code (IaC), containerization.
3. Hands-on experience with common Continuous Integration/Continuous Deployment platforms (GitHub Actions, Jenkins, CircleCI, etc)
4. Hands-on experience with Infrastructure as Code tooling (Terraform, CloudFormation, or similar)
5. Working knowledge of one or more general purpose programming/script languages including but not limited to: Rust, C/C++, Go
6. Understanding of Content Delivery Network (CDN) configuration, maintenance and best practices (CloudFlare or similar)
7. Experience with enabling, tuning, and extracting additional value from log generation from AWS services

Requirements

1. 8+ years of experience in security engineering with 3+ years of experience in a Senior Security role focused on Cloud Security - (ie Security Architecture, Security Engineering, Infrastructure Security/DevSecOps, or other related disciplines.)
2. Good communication skills, and a willingness to train and mentor junior personnel
3. Able to work with both technical and business stakeholders to design solutions that bring optimal security benefits while accounting for business needs and timelines.

Apply Now: