Network Security Engineer
POSITION OVERVIEW

KKR is seeking a network security engineer to join our information security team in Boston or New York. This is an in-person role with expectations to be on-site 4 days a week in Boston. This role is ideal for an engineer with 6+ years of experience developing and building solutions with expertise across network, email, endpoint, data, identity and cloud security. Experience in financial systems, cloud (AWS/Azure), or AI security is highly valued.

RESPONSIBILITIES

Network Security:
- Design, implement, and manage network security solutions, including firewalls, VPNs, intrusion detection/prevention systems (IDS/IPS), and network access control (NAC).
- Analyze network traffic for potential security threats and vulnerabilities.
- Develop and enforce network security policies, procedures, and standards.

Email Security:
- Configure and manage secure email gateways to protect against phishing, spam, malware, and other email-based threats.
- Implement and maintain email encryption protocols.
- Conduct regular security assessments and audits of email systems.

Endpoint Security:
- Deploy and manage endpoint security solutions, including antivirus, antimalware, EDR (Endpoint Detection and Response), and DLP (Data Loss Prevention) tools.
- Ensure endpoint devices are compliant with security policies and have the latest security patches and updates.
- Respond to and mitigate endpoint security incidents.

Vulnerability Management:
- Develop and manage vulnerability management programs, including regular scanning, assessment, and remediation.
- Collaborate with IT teams to prioritize and address vulnerabilities based on risk and impact.
- Track and report on the status of vulnerability remediation efforts.

Cloud Security:
- Implement and manage security controls across various cloud platforms (e.g., AWS, Google Cloud, Microsoft Azure).
- Ensure the security of cloud-based infrastructure, applications, and services.

QUALIFICATIONS

- Experienced security professional with a strong background in networking, infrastructure, and security, ideally gained in organizations of various sizes and through working in multiple roles with diverse technologies and products.
- Understanding of core principles of how modern infrastructure technologies operate (such as virtualization of computing and networking, containers, cloud computing, SaaS, PaaS, etc.) and the security aspects of these technologies.
- Solid understanding of the operation of LAN/WAN IP-based networks (TCP/IP, routing/switching, VLANs, NAT, DNS, DHCP).
- Understanding of principles of applied cryptography: symmetric/asymmetric encryption, hashing, SSL/TLS, SSH, PKI, IPSec, site-to-site/remote access VPN, disk encryption, HSM.
- Understanding of attack vectors against modern enterprises: phishing, ransomware, malware, DoS/DDoS, drive-by, MITM, various types of injection (e.g. SQL), cross-site scripting, etc.; methods of defense from these attacks.
- Knowledge of common security principles, concepts, and methods (authentication, authorization, single sign-on, network segregation, DMZ, Zero Trust, defense-in-depth, penetration testing, sandboxing, etc.).
- Ability and desire to code, script and automate in order to improve own and team's operational efficiency.
- Understanding of aspects of application delivery in principle and firewalling/load balancing in particular.
- Understanding of HTTP operation and associated concepts (its methods, cookies, sessions, caching, CDNs, HTTP-based applications and protocols, etc.).