Security Engineer - Incident Response

Kong Inc., an industry pioneer in cloud-native solutions, empowers businesses worldwide to innovate and excel in managing their API-driven architectures. With numerous awards for innovation and security solutions, our commitment extends beyond technology to cultivating a workplace that celebrates diversity and fosters inclusion. Join us to be part of a company where your work impacts millions and where every team member is instrumental in driving success.

As a Security Engineer specializing in detection and response, you will play a pivotal role in safeguarding Kong’s platforms against sophisticated cybersecurity threats. This dynamic position involves directing our Security Incident Response Team (SIRT), enhancing our incident response strategies, and providing mentorship to develop team expertise. Your efforts in evolving our Detection and Response program will be crucial. Through pioneering advanced frameworks, integrating cutting-edge automation, and crafting essential performance metrics, you will lead initiatives that significantly boost our defenses and operational efficiencies.

This role offers the unique opportunity to shape the future of cybersecurity in Kong, ensuring robust protection against an ever-changing threat landscape. Your strategic input and leadership will not only defend our systems but also influence the security culture at Kong Inc., making an indelible impact on our global operations.

What will you do:

• Direct our Security Incident Response Team (SIRT), leveraging strategic frameworks, state-of-the-art technologies, and rigorous processes to swiftly identify, manage, and mitigate security incidents.
• Focus on minimizing the impact of these incidents through effective response and recovery strategies.
• Engineer sophisticated detection systems and analytics to proactively identify and neutralize threats across diverse environments, including cloud, corporate, and edge infrastructures.
• Foster strong partnerships with Engineering, Risk Management, Compliance, and other critical departments to ensure security measures are perfectly integrated with the broader business goals and objectives.
• To strengthen our security infrastructure, we continuously assess, select, and optimize a blend of custom and commercial security tools, including EDR, anti-phishing technologies, and SIEM systems.
• Craft and refine advanced strategies, create resilient frameworks, and implement process automation to elevate the maturity of our Detection and Response programs.
• Develop critical metrics to measure effectiveness and drive continuous improvement.
• Design and maintain comprehensive incident response playbooks and detailed documentation to guide the security team's actions during incidents and ensure consistency in response strategies.
• Lead proactive threat-hunting initiatives to uncover hidden risks and vulnerabilities. Manage and enhance our security simulation program, including conducting rigorous tabletop exercises to test and improve incident response tactics.
• Engage actively in on-call rotations, providing expert support and rapid responses to emergent security issues, ensuring 24/7 protection for our operations.
• Developing the security event simulation program and conducting security event tabletop exercisesOversee and cultivate strategic partnerships with external vendors and Managed Detection and Response (MDR) services, ensuring they align with our security objectives and deliver exceptional support and technology.

What we look for:

• At Kong Inc., we value a diversity of voices. The following is not a laundry list, but to be effective in this role, you should possess most of the following and an interest in learning more about the rest:
• Expertise in building and operating security information/event management systems (SIEM), including investigating threats, developing metrics and dashboards, normalizing data feeds, and integrating with other tools
• Strong understanding of attacker tactics, techniques, and procedures (TTPs) and experience with “Detection as Code.”
• Proven expertise in managing and operating SIEM systems; familiarity with CrowdStrike and LimaCharlie SecOps Cloud Platform preferred.
• Demonstrated ability to use Tines, the smart, secure workflow builder, to automate processes that detect, contain, and eliminate active malicious agents. This includes designing and implementing automation workflows that enhance our security response capabilities and operational efficiency.
• Experience in securing, developing detections, and responding to incidents in one major public cloud infrastructure, such as Amazon Web Services (AWS) or Google Cloud Platform (GCP)Experience in effectively leading large and complex security incidents from detection to remediation
• Familiarity with modern security frameworks and best practices, such as the MITRE ATT&CK framework and NIST CSFProficiency in one or more general-purpose programming languages such as Python, Ruby, Go, or Rust
• Experience with Linux administration at scale, associated intrusion/manipulation techniques, and standard methodologies for system hardening and process isolation

Preferred Qualifications: - Experience in building a Detection Engineering Pipeline and leading threat hunts.

• Published research in detection engineering or threat intelligence.
• Developed automation to enhance security operations.