About Knotch
Knotch is a Content Intelligence Platform that enables brands to drive business growth through content. We build products for people who use content to drive performance. We also offer Strategic Consulting services which enable brands to achieve new levels of efficiency and effectiveness through ongoing and ad hoc support. Knotch gives marketers a holistic view of content’s performance and provides insights and actions that drive performance and increase efficiency.
As our DevSecOps Engineer you’ll be a key individual contributor with a focus on our Application, Infrastructure, and Data Security/Privacy efforts. You will bring a wide range of experience in the security domains of Security Operations, Risk, Compliance and Identity Management and the tools and philosophical approaches associated with each. You will be a subject matter expert on all aspects of development, operations and security. You will also act as a change agent within the department and company by continually implementing industry standards and best practices across teams. You’d best contribute to security architecture and business strategic planning by providing objective feedback, insight, and recommendations for Knotch. You’d also be responsible for leading investigations for incident response and reviewing system logs.
Your first 90 days
In your first 30 days… (i) Understanding of what we do and how we do it; (ii) Review current state of affairs on security; (iii) Understanding of gaps in security for SOC2 and other relevant frameworks
In your first 60 days…(i) Taking ownership of SOC2 compliance (ii) Begin setting up best practices
In your first 90 days… (i) Complete ownership of everything security (ii) Becoming the default escalation point for all security matters How you will add value at Knotch
Design, build and implement enterprise-class security systems with engineering
Lead planning, implementation, and testing of security systems, policies, procedures and standards
Wear multiple hats as DevOps/SRE working with engineers (onshore and offshore) as needed
Provide advice and assistance to management concerning information security, privacy, and related matters
Proactively identify, assess, manage, and mitigate potential threats to security
Ensure that security policies and directives are consistently applied
Evaluate information security systems, methods, and practices
Develop and implement programs for employee security awareness
Architect cloud security solutions using the AWS ecosystem
Lead secure software development discussions with clients and their infosec teams/questionnaires
Ensure data on our information system is protected to prevent unauthorized access
Design solutions that balance security and business requirements
Lead technical teams through the investigation, RCA, remediation and documentation of security incidents
Effectively work with engineers, product managers, and other stakeholders. Collaboration is the name of the game!
Act as a point of escalation to individual contributors and our leadership team
Deliver dashboards and reports to a wide audience demonstrating our current program state and adherence to framework standards
Provide guidance on data privacy regulations, including NIST standards, GDPR, CCPA, and others while implementing processes to ensure effective data protection controls
Stay current with industry trends, attacks, mitigation measures, and application security standards
Respond to client and vendor security assessments
Train engineering teams and others at Knotch on security best practices You will successful if you bring:
5+ years prior DevOps, SRE or security engineering experience in a SaaS/PaaS/IaaS environment
A history of developing policies, standards, and best practices that you’ve developed from ground up in collaboration with other engineering, product and legal team members
A self-starter mentality with the ability to lead and work with cross-functional teams
Communication skills, empathy and expertise to instill confidence with external clients on data privacy and systems security
A pragmatic approach to balancing security, user, and business requirements
Knowledge of industry standard control frameworks (e.g. NIST, SOC2 etc.)
Knowledge of what it takes to be GDPR/CCPA/SOC2 compliant
The mindset to work in a dynamic, fast paced environment, prioritizing and delivering on evolving timelines
Dependability traits and show a sense of urgency about getting results
Excellent documentation skills and a care for tracking context and purpose Bonus points if you have:
Relevant certifications (e.g. CISSP, CISM, CCSP)
Final salary commensurate with experience.
Additional Information
Benefits & Perks:
Benefits include medical, dental and vision insurance eligibility, a 401(k) plan, unlimited PTO plus 10+ company-paid holidays, a daily company break, and a wellness allowance, just to name a few!
Equal Opportunity Employer:
Knotch is an equal opportunity employer.We strive to provide equal opportunities in all of our processes, including our hiring and employee experience. We pride ourselves on our three values: transparency, relentlessness, and inclusiveness. We commit to daily work towards leading with empathy, reducing bias through periodic training, and engaging with and uplifting communities of marginalized groups. We condemn all forms of racism and discrimination on the basis of race, religion, ethnicity, nationality, gender identity, sexual orientation, age, marital status, pregnancy or parenthood status, veteran status, disability status or any other identifier. We encourage all employees, clients, investors, candidates, vendors, and friends of Knotch to show up as their authentic self and deliver honest feedback (directly or anonymously) so that we may always seek to improve as an organization that is dedicated to diversity, equity, inclusion, and belonging. Share your thoughts with us, and you will be heard.