Technology- Application Security Engineer

COMPANY OVERVIEW

KKR is a leading global investment firm that offers alternative asset management as well as capital markets and insurance solutions. KKR aims to generate attractive investment returns by following a patient and disciplined investment approach, employing world-class people, and supporting growth in its portfolio companies and communities. KKR sponsors investment funds that invest in private equity, credit and real assets and has strategic partners that manage hedge funds. KKR's insurance subsidiaries offer retirement, life and reinsurance products under the management of Global Atlantic Financial Group. References to KKR's investments may include the activities of its sponsored funds and insurance subsidiaries.

POSITION SUMMARY

KKR is seeking an experienced Product Security Analyst. This role offers exciting opportunities for growth and impact as KKR scales its business and continues to innovate. As a Security Analyst, you will be responsible for designing, implementing, and maintaining security measures across our environment specific to our internally developed applications, external facing applications, and key Software as a Service (SaaS) applications. You must be proficient in troubleshooting, vulnerability management, cloud security, application security, and have a deep understanding of a wide range of systems, and be capable of leading other teams in these efforts. You will work closely with Enterprise Systems and other business units to ensure our security posture remains strong, aligned with industry best practices, and compliant with regulatory requirements. You will also be looking over the horizon, identifying future needs and exploring leading edge solutions. This position is a full time position and will be onsite in our Gurugram office. We are operating in a 4 day in office, 1 day flexible work arrangement.

 RESPONSIBILITIES

• Conduct application security assessments and penetration tests to identify vulnerabilities and security issues.
• Work closely with the software development team to ensure that secure coding practices are implemented throughout the application development lifecycle.
• Design and implement security solutions to protect applications from potential threats.
• Provide guidance and recommendations on application security best practices.
• Maintain knowledge of the latest security trends, threats, and countermeasures.
• Participate in incident response and handling activities related to application security incidents.
• Conduct security awareness and training sessions for the development team to promote secure coding practices.
• Develop and maintain application security standards, policies, and procedures.
• Report and document security findings and remediation activities.
• Integrate security tools and practices into the continuous integration/continuous delivery (CI/CD) pipeline.

QUALIFICATIONS 

• Bachelor's degree in Computer Science, Information Technology, or a related field.
• Atleast 5 years of proven experience as an Application Security Engineer or similar role.
• Strong understanding of software development life cycle (SDLC) and secure coding practices.
• Proficiency in conducting security assessments and penetration tests.
• Experience with security tools and technologies such as firewalls, VPNs, intrusion detection/prevention systems (IDS/IPS), and network access control (NAC).
• Knowledge of regulatory requirements and industry best practices related to application security.
• Experience with cloud security and DevSecOps practices.
• Familiarity with OWASP Top Ten and other security frameworks
• Team-player who enjoys working in a collaborative and collegial environment and is an active contributor as part of a global team
• Ability to work calmly under pressure and meet deadlines and solve problems requiring creativity, initiative and drive; self-motivated and enjoys a sense of pride in their accomplishments
• Ability to present ideas in a user-friendly, business-friendly and technical language
• Strategic self-starter with an innovative mindset and outstanding attention to detail

KKR is an equal opportunity employer.  Individuals seeking employment are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, sexual orientation, or any other category protected by applicable law.