About this role
Are you ready to power the World's connections?
If you don’t think you meet all of the criteria below but are still interested in the job, please apply. Nobody checks every box - we’re looking for candidates that are particularly strong in a few areas, and have some interest and capabilities in others.
About the Role:
We’re hiring our first in-house Penetration Tester to help us proactively identify and mitigate security risks across Kong’s products, infrastructure, and internal systems. This is a high-impact role where you’ll help define how offensive security is done at Kong.
As Kong’s first dedicated Penetration Tester, you’ll work closely with our Security, Platform, and Engineering teams to continuously test, challenge, and improve the security of our products and services.
You’ll conduct hands-on offensive security assessments, partner with engineers to remediate findings, and help establish scalable, repeatable security testing practices across a modern, cloud-native, open-source environment.
This role blends deep technical testing, strong collaboration, and real influence on how security is embedded into our engineering culture.
What You’ll Be Doing:
Perform penetration testing across:
Web applications, APIs, and microservices
Cloud infrastructure and Kubernetes environments
CI/CD pipelines and internal tooling
Identify, exploit, and clearly document security vulnerabilities and misconfigurations
Work closely with engineering teams to validate findings, prioritize risk and support remediation efforts.
Design and improve internal processes for continuous security testing, secure development practices and threat modeling and attack simulation
Support third-party security assessments, bug bounty programs, and compliance efforts
Help educate engineers on common attack vectors and defensive best practices
Contribute to building a strong, security-first culture across Kong.
What You’ll Bring:
Proven experience in penetration testing, offensive security, or red teaming
Web application and API security (OWASP Top 10)
Authentication, authorization, and identity systems
Cloud security concepts and shared responsibility models
Hands-on experience testing modern, cloud-native systems
Ability to clearly communicate security findings to technical and non-technical audiences
A pragmatic mindset: focused on real risk reduction, not just theoretical issues
Curiosity, ownership, and comfort working in a fast-moving, engineering-driven environment
Bonus Points:
Experience testing API gateways, service meshes, or distributed systems
Familiarity with Kubernetes and container security
Experience with open-source security tools or contributing to open-source projects
Bug bounty participation or published research
Experience working in a SaaS or enterprise software company
#LI-BR2
About Kong:
Kong Inc., a leading developer of API and AI connectivity technologies, is building the infrastructure that powers the agentic era. trusted by the Fortune 500 and startups alike, Kong's unified API and AI platform, Kong Konnect, enables organizations to secure, manage, accelerate, govern, and monetize the flow of intelligence across APIs and AI models. For more information, visit www.konghq.com.