Security Engineer - Incident Response - (Bangalore)

India
Engineering – Security /
Full-time /
Hybrid
Are you ready to power the World's connections?

This position is a working leader reporting to the security manager, responsible for creating a collaborative environment between Kong Inc. Security and all impacted business/engineering teams by working together on effective incident detection, response, recovery, identification, and protection. Stakeholder management and clear thinking under pressure are critical requirements for the role, together with a strong passion for cyber security and its ability to make a real difference in protecting customers, partners and employees.

About the Role: 

This position is responsible for the management, operation, and direction of the incident response program, related process development, and improvement activities, including security breach simulation exercises. This individual will develop Kong's Incident Response program and train and mentor others to perform and manage daily tasks associated with cyber incidents, investigations, threat intelligence, threat hunting, and simulation exercises as part of Security Operations. This individual will also drive new solutions, deployments, and procedures for gathering, handling, searching and retrieving centralized log data and digital and physical evidence concerning incidents, and will ensure that forensically sound practices are documented. As Kong is a SaaS provider, this role should also provide guidance and assistance to Kong's GRC and Vulnerability Management programs and to product security. This individual will coordinate processes and collaborate with Security Engineering and other business stakeholders across the company in daily security operations.

You will work with the company's leadership team and a cross-functional team of skilled engineers from various perspectives, all working with a singular focus on maintaining our customers' trust. You'll be exposed to the reality of how Kong functions on a technical and process level and will build a comprehensive base of knowledge around how it all works together. In doing so, you'll be playing a role in keeping Kong secure and compliant, bringing security to our company's forefront.

This will be a Hybrid role with 3 days in office, 2 days remote.

Responsibilities/Duties:

    • Execute, develop and document incident handling guides and processes for Kong
    • Lead the Security Incident Response Team (SIRT) to employ strategy, standards, processes, and technology to detect, respond to and recover from security incidents and to limit the impact of any such occurrence
    • Prioritize events using existing tools to correlate data, reduce false positives and detect threats
    • Analyze and tune security alerts and interpret events, as well as create new signals based on signatures and behavioral activities
    • Respond to security incidents, lead investigations, and perform forensics on IT systems as necessary
    • Guide/lead mitigation strategies for identified vulnerabilities and threats
    • Design, automate and maintain a portfolio of security alerts, automated actions, and escalation workflows supporting a high-performing 24/7 incident response capability
    • Conduct threat hunting activities, anticipate future threats, and maintain forward-thinking strategies for tools/technology/processes that combat sophisticated threat actors
    • Assist with implementation of countermeasures or mitigating controls
    • Develop and maintain Incident Response capabilities in public cloud environments
    • Prepare incident reports describing analysis methodology and results
    • Recognize potential, successful, and unsuccessful intrusion attempts and compromises through thorough reviews and analyses of relevant event detail and summary information
    • Partner with key stakeholders and communicate effectively to improve the preparation, identification, analysis, containment, and post-mortem feedback loop
    • Develop monthly reporting dashboards and metrics on incidents and response capabilities
    • Prepare executive summaries and conduct briefings on significant investigations
    • Develop the security event simulation program and conduct security event tabletop exercises

Qualifications And Skills

    • Experience in crisis management, namely in preventing incidents from becoming a crisis
    • Insight into using incidents as opportunities, leveraging incidents to drive innovation, situational awareness, and fixes
    • Passion for automation, delegation, and scalability via playbooks and highly effective processes
    • Drive for automating processes and workflows to detect, contain and eliminate active malicious agents
    • Expertise in building and operating security information/event management (SIEM) systems, centralized logging, and enrichment solutions (endpoint protection/detection, network telemetry data, ELK, Splunk, Snowflake, AWS services, HR systems, codebase infrastructure, build infrastructure)
    • Practical experience working with cloud technologies; ability to build and deploy a solution using Terraform
    • Experience with building and deploying solutions (Puppet / Chef / Ansible, Terraform, Jenkins)
    • Competency in Linux and Windows
    • Ability to automate workflows via Python, Ruby, and JavaScript scripting languages

Personal Characteristics

    • Looking for the next challenge
    • Curious
    • Highly motivated
    • An effective leader under high pressure
    • Builds and nurtures relationships and possibly teams
    • Wants to make a difference
    • Wants to build something worthwhile
    • Wants to make the work safer