Senior Backend Engineer: AI/ML & Compliance Engine
Department: Engineering
Reports To: Senior Engineering Manager / Director of Engineering
Location: Hybrid: NC, MA, NY
Classification: Full-Time, Exempt
Estimated Compensation: $145-170k
Focus: Integrations, AI/ML, Compliance Automation, Infrastructure Analysis

About Knox

Knox runs the largest Federal managed cloud, building and operating secure cloud and AI environments that support the U.S. government's most critical missions — from national security and public safety to essential public services. Our customers rely on Knox to deploy production systems that meet the highest standards for security, reliability, and compliance.

Work at Knox is high-impact and purpose-driven. The problems we solve are high-stakes, the expectations are high, and the results are visible. Speed, rigor, and trust matter here - because the environments we secure cannot fail. Your contributions are visible, your expertise is relied upon, and the impact of your work is immediate and measurable. We operate at federal scale, securing some of the most sensitive government environments in the country - because the systems we build must perform without fail.

The Role

You'll be the backend powerhouse responsible for building KnoxAI's core compliance engine—integrating with third-party services, implementing AI-driven analysis, and automating the complex workflows required for FedRAMP and DISA authorizations. Your work will directly impact federal agencies' ability to assess and authorize SaaS applications securely and efficiently.

This role is ideal for a senior engineer who loves solving hard integration problems, working with cutting-edge AI/ML technologies, and building systems that must be both highly reliable and auditable for government compliance.

Responsibilities

Core Platform Development
- KSI Compliance Engine: Build automated validation for Key Security Indicators across 26+ KSI families (CNA, IAM, SVC, MLA, etc.) with hybrid automated + AI-driven scoring
- Integration Pipelines: Develop and maintain integrations with FedRAMP-authorized services:
  - Security: CrowdStrike (SIEM, EDR, CNAPP), AWS Security Hub, GuardDuty, Inspector, CloudTrail
  - IAM/PAM: Okta, Keeper (via CLI/SDK for just-in-time access, session metadata, audit logs)
  - Operations: Jira (CAB approvals), ServiceNow (ITSM), PagerDuty (incident response)
  - Training/Awareness: KnowBe4 (security awareness metrics)
  - IaC Automation: Spacelift (run history, plan diffs, approvals, rollback info)
- Infrastructure Analysis: Parse and analyze Terraform/CloudFormation to identify NIST SP 800-53 control alignment and misconfigurations
- DAST Implementation: Enhance and productionize OWASP ZAP integration for dynamic application security testing of customer SaaS applications
- Document Repository: Build a secure, controlled repository for customer-specific documentation with AI-powered SSP overlay generation

AI/ML Integration
- Model Orchestration: Implement multi-model workflows combining OpenAI (GPT-4o), Anthropic (Claude), Google (Gemini), and Groq for compliance reasoning
- Model Context Protocol: Build MCP tools exposing platform capabilities to AI agents (user management, findings retrieval, KSI analysis)
- Fine-Tuning Pipeline: Collaborate on QWEN fine-tuning using Knox's decade of FedRAMP/DISA assessment data
- Prompt Engineering: Design and optimize prompts for compliance analysis, risk scoring, and remediation recommendations
- Vector Search: Implement RAG (Retrieval-Augmented Generation) for policy/control lookup using OpenSearch or a dedicated vector DB

Data Layer & Scalability
- Database Design: Extend the Prisma schema for new features; optimize complex queries across 35+ models
- Caching Strategies: Implement Redis caching for frequently accessed compliance data and KSI results
- Event-Driven Architecture: Build SQS-based job queues for long-running compliance evaluations and bulk imports
- API Performance: Ensure API response times
- Multi-Tenancy: Maintain strict team-based data isolation; implement row-level security where needed

DevOps & Reliability
- Monitoring: Instrument code with CloudWatch metrics, structured logging, and distributed tracing
- Error Handling: Implement robust retry logic, circuit breakers, and graceful degradation for third-party API failures
- Testing: Write comprehensive unit and integration tests (Jest); achieve >80% code coverage on critical paths
- Documentation: Maintain up-to-date API documentation (OpenAPI), architecture decision records (ADRs), and runbooks

Required Qualifications

Technical Skills
- 5+ years backend development with TypeScript/Node.js; deep understanding of async patterns, streams, and the event loop
- NestJS or similar frameworks (Express, Fastify, Koa) with dependency injection and modular architecture
- PostgreSQL expertise: Complex joins, CTEs, window functions, indexing strategies, query optimization
- Prisma ORM or similar (TypeORM, Sequelize) with migrations and schema management
- RESTful API design: Pagination, filtering, sorting, error handling, versioning, rate limiting
- AWS services: S3, Lambda, SQS, DynamoDB, OpenSearch, Secrets Manager, IAM policies
- AI/ML APIs: Hands-on experience integrating OpenAI, Anthropic, Google Gemini, or similar (not just basic prompts—complex workflows, streaming, function calling)

Integration & Automation
- Third-party API integration: OAuth2, SAML, webhooks, retry logic, API versioning, SDK usage
- Infrastructure-as-code familiarity: Ability to parse Terraform/CloudFormation and understand resource configurations
- Security testing tools: Experience with OWASP ZAP, Burp Suite, or similar DAST/SAST tools
- Message queues: SQS, RabbitMQ, Kafka, or similar for async job processing

Soft Skills & Mindset
- Ownership mentality: End-to-end ownership of features from design → implementation → deployment → monitoring
- Problem solver: Thrives on debugging complex issues across distributed systems and third-party integrations
- Detail-oriented: Compliance work requires precision—small errors can have big consequences
- Collaborative: Works closely with the frontend engineer, engineering manager, and CTO; clear written communication

Bonus/Preferred
- GRC/compliance background: Prior work in cybersecurity, audit, or compliance automation
- FedRAMP/DISA knowledge: Understanding of NIST SP 800-53, FedRAMP requirements, or DISA STIGs
- QWEN or other OSS model fine-tuning experience
- LangChain, Haystack, or similar AI orchestration frameworks
- Bun runtime experience or strong enthusiasm for adopting modern JavaScript tooling
- Docker/containerization for local development and AWS ECS/Fargate deployments
- GraphQL (future roadmap consideration)

If selected to move forward, you will be asked to provide:
- A short Loom video walking through a passion project, including what it does and a review of some of the code.
- Access to either a public or private repository so we can review your commits and overall code quality.
- Ideally, the project should be built on (or close to) the stack outlined in the job description.

Hiring Requirement: Due to the nature of our work with federal government clients and compliance with applicable regulations, this position requires U.S. citizenship. Dual citizenship is not permitted for this role. Candidates must be able to provide documentation verifying sole U.S. citizenship status as part of the background check process.

Any offer of employment is contingent upon the successful completion of all required pre-employment screenings, including a background check, in accordance with applicable laws and government contract requirements.

Benefits & Perks

Knox offers a competitive employee benefits package including Medical, Dental, Vision, Life & Disability, unlimited PTO, and an employee-funded 401k plan. Please note, benefits are subject to change.

We are an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. Employment decisions are made without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, veteran status, or any other legally protected status.