ForgeApply
Try it free

ForgeApply · Job listing

Senior Purple Team Engineer

Koho

Remote · US$160k – $190k

Apply in about a minute — without sacrificing quality.

ForgeApply autofills this application and tailors your resume to this exact posting. You review everything before it's sent. Free trial, no card required.

About this role

ABOUT KOHO

We’re on a mission to make financial services better for every Canadian. That means no hidden fees, no predatory interest rates - just financial products designed to help our users spend smart, save more, and build real wealth. We’re a performance organization with a strong heart: we care deeply about outcomes, and everything ties back to our mission - to financially empower a generation of Canadians.

At KOHO, we’re not your average 9-5. We believe real impact comes from people who are trusted, empowered, and supported to do their best work - without sacrificing their lives to do it. We prioritize work-life integration, not just work-life balance. That means asynchronous collaboration, flexible hours, and a remote-first setup built around autonomy and high trust.

KOHO is entering its next chapter - leaner, smarter, more AI-integrated. We’re building for impact, not bureaucracy. If you thrive in environments that value clarity, ownership, and bold thinking, you’ll fit right in.

ABOUT THE ROLE

We’re looking for a Senior Purple Team Engineer to join our team for a role to work remotely based in Canada. Are you someone that has been doing incident response but would like to also have a technical component to your job? Or vice-versa?

You are the coach. You build company-wide preparedness for a cyber incident, starting with the security team and extending across KOHO. When an incident hits, you're part of the response team, stepping in as incident commander or supporting, depending on context and what the situation requires.

In addition to incident response, this role is responsible for building KOHO's deception engineering program from the ground up. This covers both internal detection assets (honeypots, canary tokens, decoy users, breadcrumbs) and external-facing deception (fake credentials, canary tokens embedded in customer-facing surfaces, and decoy infrastructure seeded in attacker-accessible surfaces). The program generates threat intelligence that feeds back into detection logic, playbooks, and KOHO's broader threat model.

Reporting to our Senior Manager, Product Security you’re going to be a part of a team that does.

WHAT YOU’LL BE DOING

- Own and lead incident response readiness across KOHO. Starting with the security team, conduct regular tabletop exercises and playbook reviews.

- Plan and execute adversarial simulations: scope engagements, operate within defined rules of engagement, conduct offensive operations, and deliver findings that drive measurable security improvements.

- Expand incident response readiness across KOHO and build response playbooks for marketing, data, legal, people & culture, risk, etc.

- Conduct table top exercises with c-level to test risk acceptance and limitations.

- Document lessons learned, operational improvements, and playbook updates. Execute all improvements.

- Lead incident response/DFIR during a cybersecurity incident.

- Conduct post incident documentation to determine contributing factors and lessons learned.

- Design and deploy internal deception assets to detect lateral movement, insider threats, and unauthorized access across KOHO's environment.

- Build external-facing deception capabilities, including fake credentials, canary tokens embedded in customer-facing surfaces, and decoy infrastructure seeded in breach databases and other attacker-accessible surfaces.

- Instrument deception assets to generate actionable threat intelligence and feed findings back into detection logic, playbooks, and the broader threat model.

- Build the triage and response workflow for deception-triggered alerts into existing SOC operations, from signal to investigation to lessons learned.

WHO YOU ARE

- Bachelor’s degree in computer science, technology management, or related technical or management field.

- You are a self-starter who can build programs from the ground up and build operations .

- Hands on experience and working understanding of AWS.

- Experience designing and deploying deception programs covering both internal detection assets and external-facing deception infrastructure.

- Strong knowledge in MITRE ATT&CK and cyber kill chain

- Hands-on experience planning and executing adversarial simulations, including scoping engagements, defining rules of engagement, and delivering post-engagement reporting.

- Experience operating offensive security tooling and techniques to emulate real-world threat actor behaviour.

The budgeted salary range for this role is $160,000 - 190,000 CAD / year.

At KOHO, we are dedicated to providing pay transparency to all candidates. Compensation at KOHO is determined through various factors including but not limited to: comparable salary market data within Canada, technical skill assessment, a holistic view of previous work history, and internal pay equity with other KOHO team members.

Description de poste en français

À propos du poste

Nous sommes à la recherche d’un ingénieur principal d'équipe mauve (Senior Purple Team Engineer) pour pourvoir un poste en télétravail partout au Canada. Vous spécialisez-vous en réponse aux incidents, mais aimeriez intégrer un volet plus technique à vos fonctions? Ou inversement?

Vous agirez à titre de coach. Votre rôle consistera à préparer l’ensemble de l’entreprise à faire face aux cyberincidents, en commençant par l’équipe de sécurité pour ensuite étendre cette culture à tout KOHO. Lorsqu’un incident survient, vous faites partie de l’équipe d'intervention en agissant comme commandant d'incident ou en offrant votre soutien, selon le contexte et les exigences de la situation.

En plus de la réponse aux incidents, vous serez responsable de bâtir entièrement le programme d’ingénierie de la déception (deception engineering) de KOHO. Ce volet englobe à la fois les actifs de détection internes (pots de miel/honeypots, jetons canaris/canary tokens, utilisateurs leurres, miettes de pain/breadcrumbs) et la déception externe (identifia

Ready to apply to Koho?

Apply in about a minute

Similar jobs

More like this: More jobs at Koho · Browse all jobs