Senior Backend Engineer

Job Description

Senior Backend Engineer

Department: Engineering

Reports To: Senior Engineering Manager / Director of Engineering

Location: Hybrid: NC, MA, NY

Classification: Full-Time, Exempt

Estimated Compensation: $145-170k

Hiring Requirement: Due to the nature of our work with federal government clients and compliance with applicable regulations, this position requires U.S. citizenship. Dual citizenship is not permitted for this role. Candidates must be able to provide documentation verifying sole U.S. citizenship status as part of the background check process.

Focus: Integrations, AI/ML, Compliance Automation, Infrastructure Analysis

Overview

You'll be the backend powerhouse responsible for building KnoxAI's core compliance engine—integrating with third-party services, implementing AI-driven analysis, and automating the complex workflows required for FedRAMP and DISA authorizations. Your work will directly impact federal agencies' ability to assess and authorize SaaS applications securely and efficiently.

This role is ideal for a senior engineer who loves solving hard integration problems, working with cutting-edge AI/ML technologies, and building systems that must be both highly reliable and auditable for government compliance.

Responsibilities

Core Platform Development

• KSI Compliance Engine: Build automated validation for Key Security Indicators across 26+ KSI families (CNA, IAM, SVC, MLA, etc.) with hybrid automated + AI-driven scoring
• Integration Pipelines: Develop and maintain integrations with FedRAMP-authorized services:
• Security: CrowdStrike (SIEM, EDR, CNAPP), AWS Security Hub, GuardDuty, Inspector, CloudTrail
• IAM/PAM: Okta, Keeper (via CLI/SDK for just-in-time access, session metadata, audit logs)
• Operations: Jira (CAB approvals), ServiceNow (ITSM), PagerDuty (incident response)
• Training/Awareness: KnowBe4 (security awareness metrics)
• IaC Automation: Spacelift (run history, plan diffs, approvals, rollback info)
• Infrastructure Analysis: Parse and analyze Terraform/CloudFormation to identify NIST SP 800-53 control alignment and misconfigurations
• DAST Implementation: Enhance and productionize OWASP ZAP integration for dynamic application security testing of customer SaaS applications
• Document Repository: Build secure, controlled repository for customer-specific documentation with AI-powered SSP overlay generation

AI/ML Integration

• Model Orchestration: Implement multi-model workflows combining OpenAI (GPT-4o), Anthropic (Claude), Google (Gemini), and Groq for compliance reasoning
• Model Context Protocol: Build MCP tools exposing platform capabilities to AI agents (user management, findings retrieval, KSI analysis)
• Fine-Tuning Pipeline: Collaborate on QWEN fine-tuning using Knox's decade of FedRAMP/DISA assessment data
• Prompt Engineering: Design and optimize prompts for compliance analysis, risk scoring, and remediation recommendations
• Vector Search: Implement RAG (Retrieval-Augmented Generation) for policy/control lookup using OpenSearch or dedicated vector DB

Data Layer & Scalability

• Database Design: Extend Prisma schema for new features; optimize complex queries across 35+ models
• Caching Strategies: Implement Redis caching for frequently accessed compliance data and KSI results
• Event-Driven Architecture: Build SQS-based job queues for long-running compliance evaluations and bulk imports
• API Performance: Ensure API response times <500ms for critical endpoints; optimize N+1 queries
• Multi-Tenancy: Maintain strict team-based data isolation; implement row-level security where needed

DevOps & Reliability

• Monitoring: Instrument code with CloudWatch metrics, structured logging, and distributed tracing
• Error Handling: Implement robust retry logic, circuit breakers, and graceful degradation for third-party API failures
• Testing: Write comprehensive unit and integration tests (Jest); achieve >80% code coverage on critical paths
• Documentation: Maintain up-to-date API documentation (OpenAPI), architecture decision records (ADRs), and runbooks

Required Qualifications

Technical Skills

• 5+ years backend development with TypeScript/Node.js; deep understanding of async patterns, streams, and event loops
• NestJS or similar frameworks (Express, Fastify, Koa) with dependency injection and modular architecture
• PostgreSQL expertise: Complex joins, CTEs, window functions, indexing strategies, query optimization
• Prisma ORM or similar (TypeORM, Sequelize) with migrations and schema management
• RESTful API design: Pagination, filtering, sorting, error handling, versioning, rate limiting
• AWS services: S3, Lambda, SQS, DynamoDB, OpenSearch, Secrets Manager, IAM policies
• AI/ML APIs: Hands-on experience integrating OpenAI, Anthropic, Google Gemini, or similar (not just basic prompts—complex workflows, streaming, function calling)

Integration & Automation

• Third-party API integration: OAuth2, SAML, webhooks, retry logic, API versioning, SDK usage
• Infrastructure-as-code familiarity: Ability to parse Terraform/CloudFormation and understand resource configurations
• Security testing tools: Experience with OWASP ZAP, Burp Suite, or similar DAST/SAST tools
• Message queues: SQS, RabbitMQ, Kafka, or similar for async job processing

Soft Skills & Mindset

• Ownership mentality: End-to-end ownership of features from design → implementation → deployment → monitoring
• Problem solver: Thrives on debugging complex issues across distributed systems and third-party integrations
• Detail-oriented: Compliance work requires precision—small errors can have big consequences
• Collaborative: Works closely with frontend engineer, engineering manager, and CTO; clear written communication

Bonus/Preferred

• GRC/compliance background: Prior work in cybersecurity, audit, or compliance automation
• FedRAMP/DISA knowledge: Understanding of NIST SP 800-53, FedRAMP requirements, or DISA STIGs
• QWEN or other OSS model fine-tuning experience
• LangChain, Haystack, or similar AI orchestration frameworks
• Bun runtime experience or strong enthusiasm for adopting modern JavaScript tooling
• Docker/containerization for local development and AWS ECS/Fargate deployments
• GraphQL (future roadmap consideration)

If selected to move forward, you will be asked to provide:

• A short Loom video walking through a passion project, including what it does and a review of some of the code.
• Access to either a public or private repository so we can review their commits and overall code quality.

Ideally, the project should be built on (or close to) the stack outlined in the job descriptions.

Benefits & Perks

Knox offers a competitive employee benefits package including Medical, Dental, Vision, Life &

Disability, unlimited PEO, and an employee funded 401k plan. Please note, benefits are subject

to change.

We are an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. Employment decisions are made without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, veteran status, or any other legally protected status.