Network Security Engineer

POSITION OVERVIEW

KKR is seeking a network security engineer to join our information security team in Boston or New York. This is an in-person role with expectations to be on-site 4 days a week in Boston

This role is ideal for an engineer with 6 years of experience developing, and building solutions with expertise across network, email, endpoint, data, identity and cloud security. Experience in financial systems, cloud (AWS/Azure), or AI security is highly valued.

RESPONSIBILITIES

Network Security:

• Design, implement, and manage network security solutions, including firewalls, VPNs, intrusion detection/prevention systems (IDS/IPS), and network access control (NAC).
• Analyze network traffic for potential security threats and vulnerabilities.
• Develop and enforce network security policies, procedures, and standards.

Email Security:

• Configure and manage secure email gateways to protect against phishing, spam, malware, and other email-based threats.
• Implement and maintain email encryption protocols.
• Conduct regular security assessments and audits of email systems.

Endpoint Security:

• Deploy and manage endpoint security solutions, including antivirus, antimalware, EDR (Endpoint Detection and Response), and DLP (Data Loss Prevention) tools.
• Ensure endpoint devices are compliant with security policies and have the latest security patches and updates.
• Respond to and mitigate endpoint security incidents.

Vulnerability Management:

• Develop and manage vulnerability management programs, including regular scanning, assessment, and remediation.
• Collaborate with IT teams to prioritize and address vulnerabilities based on risk and impact.
• Track and report on the status of vulnerability remediation efforts.

Cloud Security:

• Implement and manage security controls across various cloud platforms (e.g., AWS, Google Cloud, Microsoft Azure).
• Ensure the security of cloud-based infrastructure, applications, and services.

QUALIFICATIONS

• Experienced security professional with a strong background in networking, infrastructure, and security, ideally gained in organizations of various sizes and through working in multiple roles with diverse technologies and products.
• Understanding of core principles of how modern infrastructure technologies operate (such as virtualization of computing and networking, containers, cloud computing, SaaS, PaaS etc) and the security aspects of these technologies
• Solid understanding of the operation of LAN/WAN IP-based networks (TCP/IP, routing/switching, VLANs, NAT, DNS, DHCP)
• Understanding of principles of applied cryptography - symmetric/asymmetric encryption, hashing, SSL/TLS, SSH, PKI, IPSec, site-to-site/remote access VPN, disk encryption, HSM
• Understanding of attack vectors against modern enterprises: phishing, ransomware, malware, DoS/DDoS, drive-by, MITM, various type of injection (i.e. SQL), cross-site scripting, etc.; methods of defense from these attacks
• Knowledge of common security principles, concepts, and methods (authentication, authorization, single sign-on, network segregation, DMZ, Zero Trust, defense-in-depth, penetration testing, sandboxing etc.)
• Ability and desire to code, script and automate in order to improve own and team's operational efficiency
• Understanding of aspects of application delivery in principle and firewalling/load balancing in particular
• Understanding of HTTP operation and associated concepts (its methods, cookies, sessions, caching, CDNs, HTTP-based applications and protocols etc)