
About Kong
The API gateway for modern microservices
Key Highlights
- Headquartered in The East Cut, San Francisco, CA
- Raised $344.1M in Series D funding
- Over 500 employees serving Global 5000 enterprises
- Core products include Kong Gateway, Galileo, Gelato, and API Marketplace
Kong is a leading provider of API and service lifecycle management solutions, headquartered in The East Cut, San Francisco, CA. With over 500 employees, Kong has raised $344.1 million in Series D funding and serves Global 5000 enterprises, enabling them to securely connect and orchestrate microservi...
🎁 Benefits
Kong offers flexible time off to prioritize personal well-being, stock options for employees to share in the company's success, and U-First Fridays fo...
🌟 Culture
Kong fosters a culture focused on innovation and flexibility, emphasizing the importance of modern architectures like microservices and serverless env...
Skills & Technologies
Overview
Kong is hiring a Staff Security Engineer - Penetration Tester to proactively identify and mitigate security risks across their products and infrastructure. You'll conduct hands-on offensive security assessments and work closely with engineering teams. This role requires expertise in penetration testing and cloud environments.
Job Description
Who you are
You have a strong background in offensive security with experience in penetration testing across various environments, including web applications, APIs, and cloud infrastructure. Your expertise in tools like Burp Suite and Metasploit allows you to identify and exploit security vulnerabilities effectively. You are comfortable working in cloud-native environments, particularly with Kubernetes and AWS, and have a solid understanding of CI/CD pipelines and internal tooling.
You possess excellent collaboration skills, enabling you to work closely with engineering teams to validate findings and prioritize remediation efforts. Your ability to document security vulnerabilities clearly and design internal processes for continuous security improvement sets you apart. You are passionate about embedding security into the engineering culture and have a proactive approach to identifying and mitigating risks.
What you'll do
As Kong's first dedicated Penetration Tester, you will lead the charge in establishing offensive security practices within the organization. You will perform comprehensive penetration testing across various platforms, including web applications, APIs, and microservices, ensuring that security is a priority in all development processes. Your role will involve identifying, exploiting, and documenting security vulnerabilities, as well as working closely with engineering teams to validate findings and support remediation efforts.
You will also be responsible for designing and improving internal processes for continuous security, ensuring that security testing practices are scalable and repeatable. Your influence will help shape how security is integrated into Kong's engineering culture, making a significant impact on the overall security posture of the organization.
What we offer
Kong provides a dynamic work environment where you can make a real difference in the security landscape of our products and services. You will have the opportunity to work with cutting-edge technologies and collaborate with talented professionals across various teams. We encourage you to apply even if your experience doesn't match every requirement, as we value diverse perspectives and backgrounds.
Similar Jobs You Might Like
Based on your interests and this role

Security Engineer
Kong is hiring a Staff Cyber Security Engineer to lead the security operations for their API gateway. You'll leverage your expertise in high-performance networking and distributed systems while implementing advanced security solutions. This role requires significant experience in multi-cloud environments and security architecture.

Security Engineer
Snowflake is hiring a Senior (Staff) Penetration Tester to develop tools and methodologies for Red Team engagements in cloud environments. You'll work with AWS, GCP, and Azure, and require 7+ years of software or infrastructure development experience.

Security Engineer
CertiK is hiring a Senior Security Engineer specializing in Penetration Testing to enhance the security of blockchain applications. You'll work on security consulting, auditing, and penetration testing, leveraging your expertise in application security. This role requires a passion for cybersecurity and experience in the field.

Security Engineer
NEORIS is hiring a Senior Security Penetration Tester to conduct advanced security assessments on web and mobile applications, cloud environments, and modern integrations. You'll utilize tools like Burp Suite and OWASP to identify vulnerabilities and ensure robust security measures. This role requires strong technical skills and experience in penetration testing.

Security Engineer
Parafin is hiring a Staff Security Engineer to enhance and scale their security posture across cloud and platform environments. You'll work with AWS and compliance frameworks to ensure systems are secure and reliable. This position requires significant experience in security engineering.