Product Security Engineer
Listed on 2026-07-07
-
IT/Tech
Cybersecurity, IT Consultant
COMPANY OVERVIEW
KKR is a leading global investment firm that offers alternative asset management as well as capital markets and insurance solutions. KKR aims to generate attractive investment returns by following a patient and disciplined investment approach, employing world‑class people, and supporting growth in its portfolio companies and communities. KKR sponsors investment funds that invest in private equity, credit and real assets and has strategic partners that manage hedge funds.
KKR’s insurance subsidiaries offer retirement, life and reinsurance products under the management of Global Atlantic Financial Group. References to KKR’s investments may include the activities of its sponsored funds and insurance subsidiaries.
KKR's Technology organization is a group of passionate technologists and product managers, unified by a shared mission to deliver exceptional products and solutions that drive value for our stakeholders, clients, and investors. Our passion for technology and innovation fuels our commitment to creating high‑quality, impactful solutions that address complex challenges and meet the evolving needs of our sophisticated businesses.
Teamwork is at the core of the organization’s success. We thrive on open collaboration and continuous learning, driving a culture that values diversity of thought and collective achievement. Our global footprint fosters the integration of a diverse set of ideas and viewpoints in product and solution delivery, allowing us to design more comprehensive solutions that are adaptable and scalable. We optimize for impact, prioritizing and delivering solutions with excellence while remaining agile in response to the evolving needs of our businesses.
POSITIONSUMMARY
KKR is seeking an experienced Product Security Professional. This role offers exciting opportunities for growth and impact as KKR scales its business and continues to innovate. As a Security Analyst, you will be responsible for designing, implementing, and maintaining security measures across our environment specific to our internally developed applications and external facing applications. You must be proficient in troubleshooting, vulnerability management, cloud security, application security, and have a deep understanding of a wide range of systems and be capable of leading other teams in these efforts.
You will work closely with IT and other business units to ensure our security posture remains strong, aligned with industry best practices, and compliant with regulatory requirements. You will also be looking over the horizon, identifying future needs and exploring leading edge solutions.
- Conduct application security assessments and penetration tests to identify vulnerabilities and security issues.
- Work closely with the software development team to ensure that secure coding practices are implemented throughout the application development lifecycle.
- Design and implement security solutions to protect applications from potential threats.
- Provide guidance and recommendations on application security best practices.
- Maintain knowledge of the latest security trends, threats, and countermeasures.
- Participate in incident response and handling activities related to application security incidents.
- Conduct security awareness and training sessions for the development team to promote secure coding practices.
- Develop and maintain application security standards, policies, and procedures.
- Report and document security findings and remediation activities.
- Integrate security tools and practices into the continuous integration/continuous delivery (CI/CD) pipeline.
- Bachelor's degree in computer science, information technology, or a related field.
- Proven experience as an Application Security Engineer or similar role.
- Strong understanding of software development life cycle (SDLC) and secure coding practices.
- Proficiency in conducting security assessments and penetration tests.
- Experience with security tools and technologies such as firewalls, VPNs, intrusion detection/prevention systems (IDS/IPS), and network access control (NAC).
- Knowledge of regulatory requirements and industry best…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).