KKR
Technology - Network Security Engineer
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About KKR
KKR & Co. Inc. is a prominent global investment firm that specializes in private equity, leveraged buyouts, and alternative asset management across various asset classes. Founded in 1976 in New York City, KKR pioneered the leveraged buyout strategy, allowing it to acquire and improve operations of companies for profit. Over the years, KKR has evolved from a U.S.-focused firm to a multinational alternative asset manager with a significant presence in the industry. The firm invests across private markets, including private equity, credit, infrastructure, and real estate, serving clients such as insurance firms and public pension funds. KKR employs a core approach that leverages operational expertise and strategic resources to enhance portfolio companies. Notable historical investments include the buyouts of Houdaille Industries, RJR Nabisco, and TXU Energy. KKR is committed to generating attractive returns while fostering shared success for companies and communities.
Security at KKR
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
“Stated AppSec Mission: "KKR prioritizes the security of our clients' information and assets"– KKR Security and Fraud Awareness (https://www.kkr.com/security-and-fraud-awareness), KKR website . Developer Enablement vs. Gatekeeping: "Integrate security tools and practices into the CI/CD pipeline."– Application Security Engineer job (Job ID/URL: https://www.shine.com/jobs/application-security-engineer/kkr-co-inc/18397419), Job Posting. Risk Philosophy: "We believe that companies that do not handle data and cybersecurity responsibly may face reputational or regulatory risks."– KKR Insights (webinar page) (https://www.kkr.com/insights/how-can-handling-data-responsibly-make-companies-more-sustainable), KKR website . Stated Pain Points or Goals (Verbatim): "Responsible for designing, implementing, and maintaining security measures across various applications."– Application Security Engineer job (https://www.shine.com/jobs/application-security-engineer/kkr-co-inc/18397419), Job Posting. Gaps & Contradictions: Information not publicly available.”
Security Team
Org Structure & Reporting Line: "the Firm's Chief Information Security Officer (CISO)"– David Stern bio (https://www.kkr.com/about/our-people/david-stern), KKR People Page . Key Public-Facing Leaders: - David Stern, Managing Director, Chief Information Security Officer – https://www.kkr.com/about/our-people/david-stern Key Quote: "the Firm's Chief Information Security Officer (CISO)"– David Stern bio . - Paul Harragan, Global Cybersecurity lead for KKR Capstone/portfolio – https://www.kkr.com/about/our-people/paul-harragan Key Quote: "Global Cybersecurity lead for the firm's portfolio"– Paul Harragan bio . Key Quote from Portfolio Role: "I call myself a portfolio CISO."– Paul Harragan, NetSPI podcast (https://www.netspi.com/podcast/cybersecurity-lessons-on-the-path-to-private-equity/), Podcast (Third-party). Team Size Estimate (as_of:): Information not publicly available. LinkedIn Search Query Used: site:linkedin.com "KKR""application security"OR "product security"OR "security engineer"Active AppSec Job Postings (as_of:): Count: 1 (Application Security Engineer listing) – https://www.shine.com/jobs/application-security-engineer/kkr-co-inc/18397419 . Common Skill/Tool Patterns: "Integrate security tools and practices into the CI/CD pipeline."– Application Security Engineer job . "Experience with cloud security and DevSecOps practices."– Application Security Engineer job (https://www.shine.com/jobs/application-security-engineer/kkr-co-inc/18397419), Job Posting. "Familiarity with OWASP Top Ten"– Application Security Engineer job . "Design, deploy, and manage KKR SIEM platforms and supporting infrastructure."– Information Security (SIEM) job (https://startup.jobs/information-security-engineer-careers-at-kkr-4708926) ⚠️, Job Posting. Gaps & Contradictions: Information not publicly available regarding exact team size and formal reporting line beyond the CISO title.
Key Initiatives
Security Champions Program: Status: No Evidence Found. Quote: Information not publicly available. "Shift Left"in Practice: "Integrate security tools and practices into the CI/CD pipeline."– Application Security Engineer job . Vulnerability Management Process: Intake: No public, explicit statement naming sources such as bug bounty, pen-tests, or scanners was found. "Information not publicly available."Triage/Remediation: No public SLAs, MTTR, or ticket ownership statements were found. "Information not publicly available."Secure SDLC Artifacts: "Responsible for designing, implementing, and maintaining security measures across various applications."– Application Security Engineer job . Recent Initiatives (Last 6 Months): No explicit new AppSec programs or tool rollouts were found in public KKR statements within the last six months. "Information not publicly available."Gaps & Contradictions: Public materials describe organizational security leadership and hiring activity but do not publish AppSec program-level workflows, SLAs, or detailed tooling rollouts.
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.