
Knox Systems, Inc. · 18 hours ago

Senior Backend Engineer

Knox Systems, Inc. is seeking a Senior Backend Engineer to build their core compliance engine, integrating third-party services and implementing AI-driven analysis. The role focuses on automating workflows for federal compliance and requires expertise in backend development and AI/ML technologies.

Computer · Cyber Security · Government
No H1B · U.S. Citizen Only
Hiring Manager: Kathleen Howell

Responsibilities

Core Platform Development
KSI Compliance Engine: Build automated validation for Key Security Indicators across 26+ KSI families (CNA, IAM, SVC, MLA, etc.) with hybrid automated + AI-driven scoring
Integration Pipelines: Develop and maintain integrations with FedRAMP-authorized services:
    Security: CrowdStrike (SIEM, EDR, CNAPP), AWS Security Hub, GuardDuty, Inspector, CloudTrail
    IAM/PAM: Okta, Keeper (via CLI/SDK for just-in-time access, session metadata, audit logs)
    Operations: Jira (CAB approvals), ServiceNow (ITSM), PagerDuty (incident response)
    Training/Awareness: KnowBe4 (security awareness metrics)
    IaC Automation: Spacelift (run history, plan diffs, approvals, rollback info)
Infrastructure Analysis: Parse and analyze Terraform/CloudFormation to identify NIST SP 800-53 control alignment and misconfigurations
DAST Implementation: Enhance and productionize OWASP ZAP integration for dynamic application security testing of customer SaaS applications
Document Repository: Build secure, controlled repository for customer-specific documentation with AI-powered SSP overlay generation
AI/ML Integration
Model Orchestration: Implement multi-model workflows combining OpenAI (GPT-4o), Anthropic (Claude), Google (Gemini), and Groq for compliance reasoning
Model Context Protocol: Build MCP tools exposing platform capabilities to AI agents (user management, findings retrieval, KSI analysis)
Fine-Tuning Pipeline: Collaborate on QWEN fine-tuning using Knox's decade of FedRAMP/DISA assessment data
Prompt Engineering: Design and optimize prompts for compliance analysis, risk scoring, and remediation recommendations
Vector Search: Implement RAG (Retrieval-Augmented Generation) for policy/control lookup using OpenSearch or dedicated vector DB
Data Layer & Scalability
Database Design: Extend Prisma schema for new features; optimize complex queries across 35+ models
Caching Strategies: Implement Redis caching for frequently accessed compliance data and KSI results
Event-Driven Architecture: Build SQS-based job queues for long-running compliance evaluations and bulk imports
API Performance: Ensure API response times <500ms for critical endpoints; optimize N+1 queries
Multi-Tenancy: Maintain strict team-based data isolation; implement row-level security where needed
DevOps & Reliability
Monitoring: Instrument code with CloudWatch metrics, structured logging, and distributed tracing
Error Handling: Implement robust retry logic, circuit breakers, and graceful degradation for third-party API failures
Testing: Write comprehensive unit and integration tests (Jest); achieve >80% code coverage on critical paths
Documentation: Maintain up-to-date API documentation (OpenAPI), architecture decision records (ADRs), and runbooks

Qualifications

TypeScript, Node.js, PostgreSQL, AWS services, AI/ML APIs, RESTful API design, NestJS, Prisma ORM, Infrastructure-as-code, Third-party API integration, Security testing tools, Message queues, Problem solver, GRC/compliance background, FedRAMP/DISA knowledge, QWEN fine-tuning experience, Docker/containerization, GraphQL, Ownership mentality, Detail-oriented, Collaborative

Required

5+ years backend development with TypeScript/Node.js; deep understanding of async patterns, streams, and event loops
NestJS or similar frameworks (Express, Fastify, Koa) with dependency injection and modular architecture
PostgreSQL expertise: Complex joins, CTEs, window functions, indexing strategies, query optimization
Prisma ORM or similar (TypeORM, Sequelize) with migrations and schema management
RESTful API design: Pagination, filtering, sorting, error handling, versioning, rate limiting
AWS services: S3, Lambda, SQS, DynamoDB, OpenSearch, Secrets Manager, IAM policies
AI/ML APIs: Hands-on experience integrating OpenAI, Anthropic, Google Gemini, or similar (not just basic prompts—complex workflows, streaming, function calling)
Third-party API integration: OAuth2, SAML, webhooks, retry logic, API versioning, SDK usage
Infrastructure-as-code familiarity: Ability to parse Terraform/CloudFormation and understand resource configurations
Security testing tools: Experience with OWASP ZAP, Burp Suite, or similar DAST/SAST tools
Message queues: SQS, RabbitMQ, Kafka, or similar for async job processing
Ownership mentality: End-to-end ownership of features from design → implementation → deployment → monitoring
Problem solver: Thrives on debugging complex issues across distributed systems and third-party integrations
Detail-oriented: Compliance work requires precision—small errors can have big consequences
Collaborative: Works closely with frontend engineer, engineering manager, and CTO; clear written communication
Due to the nature of our work with federal government clients and compliance with applicable regulations, this position requires U.S. citizenship. Dual citizenship is not permitted for this role. Candidates must be able to provide documentation verifying sole U.S. citizenship status as part of the background check process

Preferred

GRC/compliance background: Prior work in cybersecurity, audit, or compliance automation
FedRAMP/DISA knowledge: Understanding of NIST SP 800-53, FedRAMP requirements, or DISA STIGs
QWEN or other OSS model fine-tuning experience
LangChain, Haystack, or similar AI orchestration frameworks
Bun runtime experience or strong enthusiasm for adopting modern JavaScript tooling
Docker/containerization for local development and AWS ECS/Fargate deployments
GraphQL (future roadmap consideration)

Benefits

Medical
Dental
Vision
Life & Disability
Unlimited PEO
Employee funded 401k plan

Company

Knox Systems, Inc.

FedRAMP in 90 Days for 90% less.

Funding

Current Stage: Growth Stage
Total Funding: $6.5M
Key Investors: Felicis
2025-07-10 · Seed · $6.5M

Leadership Team

Irina Denisenko, Chief Executive Officer
Shira Rubinoff, Strategic Advisor
Company data provided by crunchbase