[Hiring] Product Security Engineer @KnowBe4

Role Description

The Product Security Engineer performs all processes and procedures necessary to ensure the safety of KnowBe4 applications and cloud environments. The primary responsibility is to protect the privacy, confidentiality, integrity, and availability of company and customer data by conducting security assessments, triaging security findings, and assisting the IT and engineering teams to develop secure applications and secure our cloud environments.

• Conduct regular security assessments and code reviews to identify vulnerabilities and ensure compliance with security standards.
• Develop and maintain threat models for products, understanding potential threats and devising strategies to mitigate them.
• Integrate security practices into the software development lifecycle, ensuring that security is considered at each stage of development.
• Identify, assess, and coordinate the remediation of vulnerabilities within products, staying up-to-date with the latest security threats and trends.
• Implement and maintain security tools and automation systems to streamline security processes for product security.
• Participate in incident response activities, helping to manage and mitigate security incidents related to the product.
• Provide training and guidance to development teams on best practices in secure coding and product design.
• Ensure products comply with relevant industry security standards and regulations.
• Work closely with engineering, product management, and other teams to ensure security is a key consideration in all aspects of product development and deployment.
• Stay abreast of the latest security research, technologies, and methods to continuously improve product security.
• Conduct risk analysis to understand the impact of potential security threats and develop risk management strategies.
• Develop and enforce security policies and procedures related to product development and maintenance.

Qualifications

• Bachelor’s degree in information security, information systems, or similar experience preferred.
• Relevant field or experience in IT and infosec.
• Experience working in AWS and with Terraform.
• Strong understanding of information security, including exposure to cloud infrastructure, systems analysis, application development, vulnerability scanning, policies and procedures, and audits.
• Experience with cloud computing environments including infrastructure as code, containers, and functions.
• Strong knowledge of CWE top 25 and OWASP top 10 vulnerabilities.
• Understanding of MITRE ATT&CK matrix.
• Experience with code development and can read and understand source code in several programming languages such as Ruby, PHP, Go, JS, Python.
• Automated and Manual Web, Mobile and Traditional application pentesting experience.
• Experience with scripting and building automations leveraging tools such as Python and tools such as Claude Code.
• Experience leveraging AI in your security testing workflows and processes.
• Strong networking and security understanding.
• Understanding of modern web application development technologies such as MVC, JWT, GraphQL.
• Experience with Burp Suite, SAST, DAST, Container and Dependency Scanning tools.
• Security certification such as OSWE, OSCP, CISSP, GPEN, CEH, CCSP, AWS desired.
• Strong verbal and written communications.
• Excellent time management and organization skills.
• Excellent analytical skills.
• Strong problem solving and root cause analysis abilities.

Benefits

• Company-wide bonuses based on monthly sales targets.
• Employee referral bonuses.
• Adoption assistance.
• Tuition reimbursement.
• Certification reimbursement.
• Certification completion bonuses.
• Modern, high-tech, and fun work environment.