Staff Security Engineer Penetration Tester

Are you ready to power the Worlds connections

If you dont think you meet all of the criteria below but are still interested in the job please apply. Nobody checks every box - were looking for candidates that are particularly strong in a few areas and have some interest and capabilities in others.

About the Role

Were hiring our first in-house Penetration Tester to help us proactively identify and mitigate security risks across Kongs products infrastructure and internal systems. This is a high-impact role where youll help define how offensive security is done at Kong.

As Kongs first dedicated Penetration Tester youll work closely with our Security Platform and Engineering teams to continuously test challenge and improve the security of our products and services.

Youll conduct hands-on offensive security assessments partner with engineers to remediate findings and help establish scalable repeatable security testing practices across a modern cloud-native open-source environment.

This role blends deep technical testing strong collaboration and real influence on how security is embedded into our engineering culture.

What Youll Be Doing

• Perform penetration testing across:

• Web applications APIs and microservices

• Cloud infrastructure and Kubernetes environments

• CI/CD pipelines and internal tooling

• Identify exploit and clearly document security vulnerabilities and misconfigurations

• Work closely with engineering teams to validate findings prioritize risk and support remediation efforts.

• Design and improve internal processes for continuous security testing secure development practices and threat modeling and attack simulation

• Support third-party security assessments bug bounty programs and compliance efforts

• Help educate engineers on common attack vectors and defensive best practices

• Contribute to building a strong security-first culture across Kong.

What Youll Bring

• Proven experience in penetration testing offensive security or red teaming

• Strong understanding of:

• Web application and API security (OWASP Top 10)

• Authentication authorization and identity systems

• Cloud security concepts and shared responsibility models

• Hands-on experience testing modern cloud-native systems

• Ability to clearly communicate security findings to technical and non-technical audiences

• A pragmatic mindset: focused on real risk reduction not just theoretical issues

• Curiosity ownership and comfort working in a fast-moving engineering-driven environment

Bonus Points

• Experience testing API gateways service meshes or distributed systems

• Familiarity with Kubernetes and container security

• Experience with open-source security tools or contributing to open-source projects

• Bug bounty participation or published research

• Experience working in a SaaS or enterprise software company

About Kong:

Kong Inc. a leading developer of API and AI connectivity technologies is building the infrastructure that powers the agentic era. trusted by the Fortune 500 and startups alike Kongs unified API and AI platform Kong Konnect enables organizations to secure manage accelerate govern and monetize the flow of intelligence across APIs and AI models. For more information visit .

Required Experience:

Staff IC