COMPANY OVERVIEW

KKR is a leading global investment firm that offers alternative asset management as well as capital markets and insurance solutions. KKR aims to generate attractive investment returns by following a patient and disciplined investment approach, employing world-class people, and supporting growth in its portfolio companies and communities. KKR sponsors investment funds that invest in private equity, credit and real assets and has strategic partners that manage hedge funds. KKR’s insurance subsidiaries offer retirement, life and reinsurance products under the management of Global Atlantic Financial Group. References to KKR’s investments may include the activities of its sponsored funds and insurance subsidiaries.

TEAM OVERVIEW

KKR's Technology organization is a group of passionate technologists and product managers, unified by a shared mission to deliver exceptional products and solutions that drive value for our stakeholders, clients, and investors. Our passion for technology and innovation fuels our commitment to creating high-quality, impactful solutions that address complex challenges and meet the evolving needs of our sophisticated businesses.

Teamwork is at the core of the organization’s success. We thrive on open collaboration and continuous learning, driving a culture that values diversity of thought and collective achievement. Our global footprint fosters the integration of a diverse set of ideas and viewpoints in product and solution delivery, allowing us to design more comprehensive solutions that are adaptable and scalable. We optimize for impact, prioritizing and delivering solutions with excellence while remaining agile in response to the evolving needs of our businesses.

Position Summary

KKR is seeking an experienced Product Security Professional. This role offers exciting opportunities for growth and impact as KKR scales its business and continues to innovate. As a Security Analyst, you will be responsible for designing, implementing, and maintaining security measures across our environment specific to our internally developed applications and external facing applications. You must be proficient in troubleshooting, vulnerability management, cloud security, application security, and have a deep understanding of a wide range of systems and be capable of leading other teams in these efforts. You will work closely with IT and other business units to ensure our security posture remains strong, aligned with industry best practices, and compliant with regulatory requirements. You will also be looking over the horizon, identifying future needs and exploring leading edge solutions.

Responsibilities:

• Conduct application security assessments and penetration tests to identify vulnerabilities and security issues.
• Work closely with the software development team to ensure that secure coding practices are implemented throughout the application development lifecycle.
• Design and implement security solutions to protect applications from potential threats.
• Provide guidance and recommendations on application security best practices.
• Maintain knowledge of the latest security trends, threats, and countermeasures.
• Participate in incident response and handling activities related to application security incidents.
• Conduct security awareness and training sessions for the development team to promote secure coding practices.
• Develop and maintain application security standards, policies, and procedures.
• Report and document security findings and remediation activities.
• Integrate security tools and practices into the continuous integration/continuous delivery (CI/CD) pipeline.

QUALIFICATIONS

• Bachelor's degree in computer science, information technology, or a related field.
• Proven experience as an Application Security Engineer or similar role.
• Strong understanding of software development life cycle (SDLC) and secure coding practices.
• Proficiency in conducting security assessments and penetration tests.
• Experience with security tools and technologies such as firewalls, VPNs, intrusion detection/prevention systems (IDS/IPS), and network access control (NAC).
• Knowledge of regulatory requirements and industry best practices related to application security.
• Experience with cloud security and DevSecOps practices.
• Familiarity with OWASP Top Ten and other security frameworks.
• Team-player who enjoys working in a collaborative and collegial environment and is an active contributor as part of a global team.
• Ability to work calmly under pressure and meet deadlines and solve problems requiring creativity, initiative and drive; self-motivated and enjoys a sense of pride in their accomplishments.
• Ability to present ideas in a user-friendly, business-friendly and technical language.
• Strategic self-starter with an innovative mindset and outstanding attention to detail.

LI-ONSITE

This is the expected annual base salary range for this Boston-based position. Actual salaries may vary based on factors, such as skill, experience, and qualification for the role. Employees may be eligible for a discretionary bonus, based on factors such as individual and team performance.

Base Salary Range

$135,000 - $170,000 USD

KKR is an equal opportunity employer. Individuals seeking employment are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, sexual orientation, or any other category protected by applicable law.

KKR will provide reasonable accommodations as required by applicable federal, state, and/or local laws. Individuals seeking an accommodation for the application or interview process should email Benefits@kkr.com. Emails sent for unrelated issues, such as following up on an application, will not receive a response.

If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to use or access https://www.kkr.com/careers because of your disability. You can request reasonable accommodations by sending an email to Benefits@kkr.com. Only emails left for this purpose will be returned.

Massachusetts Applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. This notice applies only to applicants and employees who work or will work in Massachusetts, in accordance with applicable state law.