Senior Backend Engineer

Senior Backend EngineerDepartment: Engineering Reports To: Senior Engineering Manager / Director of Engineering Location: Hybrid: NC, MA, NY Classification: Full-Time, Exempt Estimated Compensation: $145-170k Focus: Integrations, AI/ML, Compliance Automation, Infrastructure Analysis About Knox Knox runs the largest Federal managed cloud, building and operating secure cloud and AI environments that support the U.S. government's most critical missions - from national security and public safety to essential public services. Our customers rely on Knox to deploy production systems that meet the highest standards for security, reliability, and compliance. Work at Knox is high-impact and purpose-driven. The problems we solve are high-stakes, the expectations are high, and the results are visible. Speed, rigor, and trust matter here - because the environments we secure cannot fail. Your contributions are visible, your expertise is relied upon, and the impact of your work is immediate and measurable. We operate at federal scale, securing some of the most sensitive government environments in the country - because the systems we build must perform without fail. The Role You'll be the backend powerhouse responsible for building KnoxAI's core compliance engine-integrating with third-party services, implementing AI-driven analysis, and automating the complex workflows required for FedRAMP and DISA authorizations. Your work will directly impact federal agencies' ability to assess and authorize SaaS applications securely and efficiently. This role is ideal for a senior engineer who loves solving hard integration problems, working with cutting-edge AI/ML technologies, and building systems that must be both highly reliable and auditable for government compliance. Responsibilities Core Platform Development KSI Compliance Engine: Build automated validation for Key Security Indicators across 26+ KSI families (CNA, IAM, SVC, MLA, etc.) with hybrid automated + AI-driven scoring Integration Pipelines: Develop and maintain integrations with FedRAMP-authorized services: Security: CrowdStrike (SIEM, EDR, CNAPP), AWS Security Hub, GuardDuty, Inspector, CloudTrail IAM/PAM: Okta, Keeper (via CLI/SDK for just-in-time access, session metadata, audit logs) Operations: Jira (CAB approvals), ServiceNow (ITSM), PagerDuty (incident response) Training/Awareness: KnowBe4 (security awareness metrics) IaC Automation: Spacelift (run history, plan diffs, approvals, rollback info) Infrastructure Analysis: Parse and analyze Terraform/CloudFormation to identify NIST SP 800-53 control alignment and misconfigurations DAST Implementation: Enhance and productionize OWASP ZAP integration for dynamic application security testing of customer SaaS applications Document Repository: Build secure, controlled repository for customer-specific documentation with AI-powered SSP overlay generation AI/ML Integration Model Orchestration: Implement multi-model workflows combining OpenAI (GPT-4o), Anthropic (Claude), Google (Gemini), and Groq for compliance reasoning Model Context Protocol: Build MCP tools exposing platform capabilities to AI agents (user management, findings retrieval, KSI analysis) Fine-Tuning Pipeline: Collaborate on QWEN fine-tuning using Knox's decade of FedRAMP/DISA assessment data Prompt Engineering: Design and optimize prompts for compliance analysis, risk scoring, and remediation recommendations Vector Search: Implement RAG (Retrieval-Augmented Generation) for policy/control lookup using OpenSearch or dedicated vector DB Data Layer & Scalability Database Design: Extend Prisma schema for new features; optimize complex queries across 35+ models Caching Strategies: Implement Redis caching for frequently accessed compliance data and KSI results Event-Driven Architecture: Build SQS-based job queues for long-running compliance evaluations and bulk imports API Performance: Ensure API response times Multi-Tenancy: Maintain strict team-based data isolation; implement row-level security where needed DevOps & Reliability Monitoring: Instrument code with CloudWatch metrics, structured logging, and distributed tracing Error Handling: Implement robust retry logic, circuit breakers, and graceful degradation for third-party API failures Testing: Write comprehensive unit and integration tests (Jest); achieve >80% code coverage on critical paths Documentation: Maintain up-to-date API documentation (OpenAPI), architecture decision records (ADRs), and runbooks Required QualificationsTechnical Skills 5+ years backend development with TypeScript/Node.js; deep understanding of async patterns, streams, and event loops NestJS or similar frameworks (Express, Fastify, Koa) with dependency injection and modular architecture PostgreSQL expertise: Complex joins, CTEs, window functions, indexing strategies, query optimization Prisma ORM or similar (TypeORM, Sequelize) with migrations and schema management RESTful API design: Pagination, filtering, sorting, error handling, versioning, rate limiting AWS services: S3, Lambda, SQS, DynamoDB, OpenSearch, Secrets Manager, IAM policies AI/ML APIs: Hands-on experience integrating OpenAI, Anthropic, Google Gemini, or similar (not just basic prompts-complex workflows, streaming, function calling) Integration & Automation Third-party API integration: OAuth2, SAML, webhooks, retry logic, API versioning, SDK usage Infrastructure-as-code familiarity: Ability to parse Terraform/CloudFormation and understand resource configurations Security testing tools: Experience with OWASP ZAP, Burp Suite, or similar DAST/SAST tools Message queues: SQS, RabbitMQ, Kafka, or similar for async job processing Soft Skills & Mindset Ownership mentality: End-to-end ownership of features from design → implementation → deployment → monitoring Problem solver: Thrives on debugging complex issues across distributed systems and third-party integrations Detail-oriented: Compliance work requires precision-small errors can have big consequences Collaborative: Works closely with frontend engineer, engineering manager, and CTO; clear written communication Bonus/Preferred GRC/compliance background: Prior work in cybersecurity, audit, or compliance automation FedRAMP/DISA knowledge: Understanding of NIST SP 800-53, FedRAMP requirements, or DISA STIGs QWEN or other OSS model fine-tuning experience LangChain, Haystack, or similar AI orchestration frameworks Bun runtime experience or strong enthusiasm for adopting modern JavaScript tooling Docker/containerization for local development and AWS ECS/Fargate deployments GraphQL (future roadmap consideration) If selected to move forward, you will be asked to provide: A short Loom video walking through a passion project, including what it does and a review of some of the code. Access to either a public or private repository so we can review their commits and overall code quality. Ideally, the project should be built on (or close to) the stack outlined in the job descriptions. Hiring Requirement: Due to the nature of our work with federal government clients and compliance with applicable regulations, this position requires U.S. citizenship. Dual citizenship is not permitted for this role. Candidates must be able to provide documentation verifying sole U.S. citizenship status as part of the background check process. Any offer of employment is contingent upon the successful completion of all required pre-employment screenings, including a background check, in accordance with applicable laws and government contract requirements. Benefits & Perks Knox offers a competitive employee benefits package including Medical, Dental, Vision, Life & Disability, unlimited PEO, and an employee funded 401k plan. Please note, benefits are subject to change. We are an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. Employment decisions are made without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, veteran status, or any other legally protected status.

Created: 2026-03-04