Listing Description

Security Engineer

KoBold Metals is a mineral exploration company using AI to explore for the metals we need for our transition to a low-carbon economy. KoBold’s business is discovering, defining, expanding, and developing mineral resources, and KoBold’s objective is to achieve a step-change improvement in exploration success: we aim to discover more tier 1 resources, faster, and with fewer failures.

KoBold has a global portfolio of more than 50 exploration properties targeting nickel, copper, cobalt, and lithium, which range from 100%-owned to partnerships with both majors, junior explorers, and prospectors.

Our team includes the best of the industry in exploration geoscience, data science, software engineering, operations, and business personnel. Prior to joining KoBold, KoBold team members have made nearly 20 discoveries. Our exploration programs are co-led by our geoscientists and data scientists, who develop exploration hypotheses, rigorously quantify uncertainty in our understanding of the subsurface, and design data collection programs that most effectively reduce uncertainty, drawing upon a large suite of proprietary exploration technology built by our data scientists and software engineers. Our field programs validate and improve the system and have demonstrated material improvements over conventional exploration methods

KoBold is privately held and our investors include: institutional asset managers T. Rowe Rice and Canada Pension Plan Investments; technology venture capitalists Andreessen Horowitz, Bill Gates’s Breakthrough Energy Ventures, BOND Capital, Standard Investments, and Sam Altman’s Apollo Projects; and leading natural resources companies Equinor, Mitsubishi, and BHP.

We are hiring a Security Engineer to help accelerate our mission.

About the position

In this role you will act as the primary security resource within a team of 3-5 cross-functional engineers responsible for designing, implementing, and managing KoBold's software and device security infrastructure to protect our information systems, networks, and data. This is a hands-on role that provides a unique opportunity to shape the future direction and design of our systems in safeguarding KoBold against cyber threats, ensuring compliance with security policies and regulations, and responding to security incidents. As the first dedicated cybersecurity hire, you will help us build the cybersecurity group from the ground up.

Responsibilities

The Security Engineer will:

• Develop and maintain Kobold’s security strategy, policies, and procedures to safeguard IT infrastructure, devices, and data assets according to evolving industry best practice.


• Deploy and maintain security systems for both IT and cloud infrastructure, including network flow controls, authentication and access controls, encryption protocols, data access controls, intrusion detection/prevention systems, mobile device management systems and antivirus software.


• Monitor security systems and networks for unusual activity, intrusions, and security events.


• Develop and maintain proactive alerting systems and incident response plans.


• Respond to security alerts and incidents in a timely and effective manner.


• Perform regular security assessments and vulnerability scans


• Perform or commission penetration tests to identify and address weaknesses in systems and applications.


• Develop and execute plans for compliance and mitigation of risk.


• Engage and coordinate with third-party risk and compliance assessments


• Conduct security awareness programs and training for employees to promote a culture of security within the organization.

Qualifications

You must have:

• At least 5 years of experience as a cybersecurity professional at a company with high security standards.


• Hands-on experience configuring and managing security technologies, including firewalls, IDS/IPS, VPNs, and endpoint security solutions.


• Hands-on experience improving security for mobile devices, laptops, and workstations.


• Deep understanding of network protocols (TCP/IP, UDP, DNS, HTTPS, etc.), architecture, and security.


• Experience with cloud security, such as AWS and Google Cloud Platform.


• Experience with Windows and Mac mobile device management systems.


• Familiarity with security assessment tools and methodologies, such as OWASP, ATT&CK, NIST, PCI, SOC2, etc.

It is helpful, but not required, to have:

• Familiarity with Infrastructure As Code (IAC) through software such as Terraform, CloudFormation, Ansible, etc.


• Familiarity with containerization and container orchestration platforms, such as Docker, AWS ECS, Kubernetes, etc.

• Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Offsec PEN and EXP 200 level and above, Certified Ethical Hacker (CEH), etc. 

A candidate should be:

• A strong communicator who enjoys working with colleagues both in IT/Infrastructure and across the business


• Highly self-motivated and autonomous


• Excited to work in and comfortable with a fast-changing work environment

KoBold Metals is an equal opportunity workplace and an affirmative action employer. We are committed to equal employment opportunity for people of any race, color, ancestry, religion, sex, gender identity, sexual orientation, marital status, national origin, age, citizenship, marital status, disability, or veteran status.

This position is full-time, exempt.

The US base salary range for this full-time exempt position is $150,000-$225,000.

Location: KoBold is a remote first workplace, we are open to candidates currently residing anywhere in the United States or Canada. All candidates must be authorized to legally work in either the United States for Canada