DevSecOps Engineer

About Knotch
Knotch is a Content Intelligence Platform that enables brands to drive business growth through content. We build products for people who use content to drive performance. We also offer Strategic Consulting services which enable brands to achieve new levels of efficiency and effectiveness through ongoing and ad hoc support. Knotch gives marketers a holistic view of content’s performance and provides insights and actions that drive performance and increase efficiency.

As our DevSecOps Engineer you’ll be a key individual contributor with a focus on our Application, Infrastructure, and Data Security/Privacy efforts. You will bring a wide range of experience in the security domains of Security Operations, Risk, Compliance and Identity Management and the tools and philosophical approaches associated with each. You will be a subject matter expert on all aspects of development, operations and security. You will also act as a change agent within the department and company by continually implementing industry standards and best practices across teams. You’d best contribute to security architecture and business strategic planning by providing objective feedback, insight, and recommendations for Knotch. You’d also be responsible for leading investigations for incident response and reviewing system logs.

Your first 90 days

• In your first 30 days… (i) Understanding of what we do and how we do it; (ii) Review current state of affairs on security; (iii) Understanding of gaps in security for SOC2 and other relevant frameworks
• In your first 60 days…(i) Taking ownership of SOC2 compliance (ii) Begin setting up best practices
• In your first 90 days… (i) Complete ownership of everything security (ii) Becoming the default escalation point for all security matters

How you will add value at Knotch

• Design, build and implement enterprise-class security systems with engineering
• Lead planning, implementation, and testing of security systems, policies, procedures and standards
• Wear multiple hats as DevOps/SRE working with engineers (onshore and offshore) as needed
• Provide advice and assistance to management concerning information security, privacy, and related matters
• Proactively identify, assess, manage, and mitigate potential threats to security
• Ensure that security policies and directives are consistently applied
• Evaluate information security systems, methods, and practices
• Develop and implement programs for employee security awareness
• Architect cloud security solutions using the AWS ecosystem
• Lead secure software development discussions with clients and their infosec teams/questionnaires
• Ensure data on our information system is protected to prevent unauthorized access
• Design solutions that balance security and business requirements
• Lead technical teams through the investigation, RCA, remediation and documentation of security incidents
• Effectively work with engineers, product managers, and other stakeholders. Collaboration is the name of the game!
• Act as a point of escalation to individual contributors and our leadership team
• Deliver dashboards and reports to a wide audience demonstrating our current program state and adherence to framework standards
• Provide guidance on data privacy regulations, including NIST standards, GDPR, CCPA, and others while implementing processes to ensure effective data protection controls
• Stay current with industry trends, attacks, mitigation measures, and application security standards
• Respond to client and vendor security assessments
• Train engineering teams and others at Knotch on security best practices

You will successful if you bring:

• 5+ years prior DevOps, SRE or security engineering experience in a SaaS/PaaS/IaaS environment
• A history of developing policies, standards, and best practices that you’ve developed from ground up in collaboration with other engineering, product and legal team members
• A self-starter mentality with the ability to lead and work with cross-functional teams
• Communication skills, empathy and expertise to instill confidence with external clients on data privacy and systems security
• A pragmatic approach to balancing security, user, and business requirements
• Knowledge of industry standard control frameworks (e.g. NIST, SOC2 etc.)
• Knowledge of what it takes to be GDPR/CCPA/SOC2 compliant
• The mindset to work in a dynamic, fast paced environment, prioritizing and delivering on evolving timelines
• Dependability traits and show a sense of urgency about getting results
• Excellent documentation skills and a care for tracking context and purpose

Bonus points if you have:

• Relevant certifications (e.g. CISSP, CISM, CCSP)

We are an equal opportunity employer committed to fostering a diverse, equitable, and inclusive workplace. We strive to provide equal opportunities in all aspects of employment, including recruitment, hiring, compensation, training, promotion, and employee experience, without regard to race, color, religion, national origin, sex (including pregnancy, childbirth, and related medical conditions), age, disability, genetic information, marital status, sexual orientation, gender identity, or any other legally protected characteristic. We do not tolerate any form of discrimination, harassment, or retaliation. We actively encourage applicants and employees from all backgrounds to bring their authentic selves to work and contribute to creating an environment where everyone feels valued, respected, and empowered to reach their full potential. We welcome honest feedback from all stakeholders to continually improve our diversity, equity, inclusion, and belonging efforts.