Kong Inc.

Staff Security Engineer – Penetration Tester

Kong Inc.

full-time

Posted on:

Location Type: Hybrid

Location: MilanItaly

Visit company website

Explore more

AI Apply
Apply

Job Level

Lead

Tech Stack

CloudKubernetesMicroservices

About the role

  • Perform penetration testing across:
  • Web applications, APIs, and microservices
  • Cloud infrastructure and Kubernetes environments
  • CI/CD pipelines and internal tooling
  • Identify, exploit, and clearly document security vulnerabilities and misconfigurations
  • Work closely with engineering teams to validate findings, prioritize risk and support remediation efforts.
  • Design and improve internal processes for continuous security testing, secure development practices and threat modeling and attack simulation
  • Support third-party security assessments, bug bounty programs, and compliance efforts
  • Help educate engineers on common attack vectors and defensive best practices
  • Contribute to building a strong, security-first culture across Kong.

Requirements

  • Proven experience in penetration testing, offensive security, or red teaming
  • Strong understanding of:
  • Web application and API security (OWASP Top 10)
  • Authentication, authorization, and identity systems
  • Cloud security concepts and shared responsibility models
  • Hands-on experience testing modern, cloud-native systems
  • Ability to clearly communicate security findings to technical and non-technical audiences
  • A pragmatic mindset: focused on real risk reduction, not just theoretical issues
  • Curiosity, ownership, and comfort working in a fast-moving, engineering-driven environment
Benefits
  • 📊 Check your resume score for this job Improve your chances of getting an interview by checking your resume score before you apply. Check Resume Score
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
penetration testingoffensive securityred teamingweb application securityAPI securitycloud securityKubernetesCI/CD pipelinesthreat modelingattack simulation
Soft Skills
communicationcuriosityownershiprisk reductioncollaborationeducationprocess improvementpragmatic mindsetadaptabilityproblem-solving