Are you ready to power the World's connections?If you don't think you meet all of the criteria below but are still interested in the job, please apply. Nobody checks every box - we're looking for candidates that are particularly strong in a few areas, and have some interest and capabilities in others.About the RoleWe're hiring our first in-house Penetration Tester to help us proactively identify and mitigate security risks across Kong's products, infrastructure, and internal systems. This is a high-impact role where you'll help define how offensive security is done at Kong.As Kong's first dedicated Penetration Tester, you'll work closely with our Security, Platform, and Engineering teams to continuously test, challenge, and improve the security of our products and services.You'll conduct hands‐on offensive security assessments, partner with engineers to remediate findings, and help establish scalable, repeatable security testing practices across a modern, cloud‐native, open‐source environment.This role blends deep technical testing, strong collaboration, and real influence on how security is embedded into our engineering culture.What You'll Be Doing
Se desidera saperne di più su questa opportunità o sta pensando di candidarsi, la preghiamo di leggere le seguenti informazioni.
Perform penetration testing across web applications, APIs, and microservicesCloud infrastructure and Kubernetes environmentsCI/CD pipelines and internal toolingIdentify, exploit, and clearly document security vulnerabilities and misconfigurationsWork closely with engineering teams to validate findings, prioritize risk and support remediation efforts.Design and improve internal processes for continuous security testing, secure development practices and threat modeling and attack simulationSupport third‐party security assessments, bug bounty programs, and compliance effortsHelp educate engineers on common attack vectors and defensive best practicesContribute to building a strong, security‐first culture across Kong. xrdztoy
What You'll Bring
Proven experience in penetration testing, offensive security, or red teamingStrong understanding of web application and API security (OWASP Top 10)Authentication, authorization, and identity systemsCloud security concepts and shared responsibility modelsHands‐on experience testing modern, cloud‐native systemsAbility to clearly communicate security findings to technical and non‐technical audiencesA pragmatic mindset: focused on real risk reduction, not just theoretical issuesCuriosity, ownership, and comfort working in a fast‐moving, engineering‐driven environment
Bonus Points
Experience testing API gateways, service meshes, or distributed systemsFamiliarity with Kubernetes and container securityExperience with open‐source security tools or contributing to open‐source projectsBug bounty participation or published researchExperience working in a SaaS or enterprise software company
About KongKong Inc., a leading developer of API and AI connectivity technologies, is building the infrastructure that powers the agentic era. trusted by the Fortune 500 and startups alike, Kong's unified API and AI platform, Kong Konnect, enables organizations to secure, manage, accelerate, govern, and monetize the flow of intelligence across APIs and AI models. For more information, visit J-18808-Ljbffr