Are you ready to power the World's connections?
If you don't think you meet all of the criteria below but are still interested in the job, please apply. Nobody checks every box - we're looking for candidates that are particularly strong in a few areas and have some interest and capabilities in others.
As a Staff Security Engineer, you will serve as the technical security lead for securing the world's most popular API gateway. You will apply deep expertise in high-performance networking and distributed systems to shape the security posture of the Kong Cloud. You'll spend your time architecting the evolution of our security capabilities, specifically focused on leveraging Open Source (OSS) and building state-of-the-art network and application security solutions.
What you'll do:
Domain Expertise: Act as the lead subject matter expert for the Kong Cloud Security Operations.
Threat Defense Leadership: Architect and implement next-generation WAF, IDS, and IPS capabilities at the gateway level to protect against OWASP Top 10, zero-day exploits, and sophisticated API abuse.
Multi-Cloud Security: Design and implement Zero Trust security models that operate seamlessly across hybrid and multi-cloud environments (AWS, Azure, GCP, On-prem).
Strategic Roadmap: Partner with Product and Architecture leads to define the multi-year security roadmap for Kong Gateway, balancing the needs of the OSS community with Enterprise requirements.
Incident Resolution: Lead the response to complex, multi-faceted security challenges, from supply chain vulnerabilities in open-source dependencies to high-stakes CVE remediations.
Mentorship & Influence: Champion a Security-First culture by mentoring engineers on secure coding practices and influencing the long-term cybersecurity maturity of the entire organization.
What you'll bring:
8 years of experience in Cybersecurity Engineering, with a focus on high-traffic infrastructure or API management.
Extensive experience with Kong Gateway, Nginx, eBPF, or similar technologies.
Cloud-Native & Multi-Cloud: Expert-level knowledge of multi-cloud solution design, specifically securing traffic across disparate cloud providers and Kubernetes environments.
Security Domain Specialist: Proven track record in designing/deploying WAF, IDS, and IPS systems at scale, with an understanding of signature-based vs. ML-based detection.
Programming Proficiency: Python, Go, or Rust
Open Source Contributor: Experience contributing to or maintaining open-source security projects is a significant asset.
Design Excellence: Ability to produce high-quality, high-performance security designs that do not compromise the millisecond-latency promise of the gateway.
About Kong:
Kong Inc., a leading developer of API and AI connectivity technologies, is building the infrastructure that powers the agentic era. Trusted by the Fortune 500 and startups alike, Kong's unified API and AI platform, Kong Konnect, enables organizations to secure, manage, accelerate, govern, and monetize the flow of intelligence across APIs and AI models. For more information visit .
Required Experience:
Staff IC
Kong is the most widely adopted API gateway and service mesh, powering the world’s APIs for modern architectures. Accelerate development and productivity today!