Software Engineer - Security

Cambridge, MA /
Infrastructure – Infrastructure & Security /
Full-time
With the continued impact of COVID-19 and social distancing measures, Kensho is conducting all interviews and on-boarding activities remotely. At the present time, all employees are working remotely, until further notice. When the time comes to open our offices, Kensho will fully support those employees who would like to continue working remotely and not ask anyone to return to the office until they are comfortable.  

At Kensho, we hire talented people and give them the freedom, support, and resources needed to build cutting edge technology and products for our parent company, S&P Global. As a result, we produce technology that is scalable, robust, and solves the challenges of one of the world’s largest, most successful financial institutions.

As a security focused software engineer at Kensho you are a thoughtful, collaborative, and seasoned technologist who will be working closely with the Infrastructure team to ensure security across a number of systems and web applications. You will help us protect network boundaries, keep systems and network devices against attacks and provide security frameworks and processes to protect confidential data like passwords and client information.

What You'll Do:

    • Design, implement and maintain security controls and procedures across Kensho and provide oversight to ensure compliance
    • Analyze and recommend security practices and tools for engineering teams to incorporate into the software development lifecycle
    • Directly interface with customer infosec teams, lawyers, external security researchers as well as internal partners to ensure that Kensho maintains a best-in-class security envelope
    • Cultivate full team participation in high quality, thoughtful, secure software
    • Implement procedures to respond to and recover from security incidents
    • Monitor Kensho’s networks and systems for potential intrusions and investigate anomalous behavior
    • Perform static and dynamic vulnerability assessments of applications using commercial and open source tools such as Fortify, Bandit, WebInspect and OWASP Zap.

What We Look For:

    • Two or more years of experience as a security engineer
    • Experience securing modern web applications and distributed data infrastructure in a cross-team setting
    • Strong understanding of cryptography and current best practices
    • Experience with penetration testing tools, techniques and methodologies and understanding of common vulnerabilities and remediation strategies
    • One or more years experience writing code in Python, Javascript, Java, or Go
    • Familiarity with core networking concepts and standard protocols such as TCP, UDP, and HTTP
    • Prior experience working with enterprise security technologies such as firewalls, IDS/IPS, AntiVirus/EDR, or Security Information and Event Management systems
    • Ability to apply risk management tools and methodologies
    • Experience conducting or facilitating IT security audits
    • Familiarity with security models for cloud providers such as AWS, Azure and GCP

How to Really Get Our Attention:

    • Experience securing services and applications running on Kubernetes
    • Experience working with Jenkins, Terraform, LinkerD, Vault, or Okta
    • Participation in CTFs or bug bounty programs
    • Open source project contributions showing innovation and initiative
    • Hedge fund or major financial institution trading experience
    • Relevant research, publications, and patents

Technologies We Like:

    • Python, Linux, Docker, Kubernetes, Calico, Git, Jenkins, Sentry, Cypress


Benefits & Perks:

At Kensho, we pride ourselves on providing top-of-market benefits, including:
Medical, Dental, and Vision insurance - 100% company paid premiums
Unlimited Paid Time Off
18 weeks of 100% paid Parental Leave (paternity and maternity)
401(k) plan with 6% employer matching
Generous company matching on donations to non-profit charities
Up to $20,000 tuition assistance toward degree programs, plus up to $4,000/year for ongoing professional education such as industry conferences
Plentiful snacks, drinks, and regularly catered lunches
Dog-friendly office (CAM office)
In-office gyms and showers (CAM, DC) or Equinox membership (LA, NYC)
Stipend towards commuter or gym reimbursement
Bike sharing program memberships
Compassion leave and elder care leave
Mentoring and additional learning opportunities
Opportunity to expand professional network and participate in conferences and events

About Kensho
 
Kensho uses machine learning, artificial intelligence, natural language processing and data visualization techniques to solve some of the hardest analytical problems and create breakthrough financial intelligence solutions for our parent company, S&P Global. 
 
Kensho was founded in 2013 by Harvard & MIT alums and was acquired by S&P Global in 2018. Kensho continues to operate as a startup in order to maintain our distinct, independent brand and to promote our breakthrough, innovative culture. Our team of Kenshins enjoy a dynamic and collaborative work environment that runs autonomously from S&P, while leveraging the unparalleled breadth and depth of data and resources available as part of S&P Global. 
 
As Kenshins, we pride ourselves on maintaining an innovative culture that depends on diversity and inclusion. We are an equal opportunity employer that welcomes future Kenshins with all experiences and perspectives. Kensho is headquartered in Cambridge, MA, with offices in New York City, Washington D.C. and Los Angeles. 
 
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.