Avatar for Kong

Next-Generation API Platform for Modern Architectures

Security Engineer Lead

Apply now

Are you ready to join the API revolution?

About Kong:

Kong creates software and managed services that connect APIs and microservices natively across and within clouds, Kubernetes, data centers and more using intelligent automation. Built on an open source core, Kong’s service connectivity platform enables digital innovation by allowing organizations to reliably and securely manage the full lifecycle of APIs and services for modern architectures, including microservices, serverless and service mesh. By providing developer teams with unprecedented architectural freedom, Kong accelerates innovation cycles, increases productivity, and seamlessly bridges legacy and modern systems and applications. For more information about Kong, please visit konghq.com or follow @thekonginc on Twitter.

About the role:

Kong is an open-source project with a global adoption around the world. Developers and architects are adopting Kong in production among a large variety of use-cases, and actively help making Kong a better product with their feedback and contributions.

We’re looking for a Lead Security Engineer to lead Kong’s Security practice by working with Kong’s Engineering and Product teams to think about and act on security challenges throughout all phases of development. You will have a major impact on the overall direction of security at Kong and will help design and drive new features to enhance the security of the Kong platform. You will help to define and drive Kong’s “security first” mindset by working with development teams to develop world-class security practices.

What you’ll be doing:

  • You’ll be a player-coach and advise Kong’s development teams on all-aspects of security Develop and drive Kong’s security requirements and security guidelines
  • Ensure compliance with infrastructure security requirements for cloud and infrastructure operating environments
  • Manage all inbound reported security questions or issues, create and distribute incident response documentation
  • Execute Security risk analysis and vulnerability checks for Kong’s cloud and infrastructure environments
  • Work with Kong Engineering teams to ensure the design and validate an infrastructure security to provide minimal security risk and appropriate security controls
  • Work with Kong’s Legal and Field teams to address incoming inquiries regarding Kong’s Security practices.
  • Research security standards, security technology for new technology trends
  • Improve security review process
  • Continue to foster our security mindset among our development teams and throughout Kong.

What you’ll bring:

  • 5-7 years in security (or security related development), and specifically advising engineering teams and developing security practices.
  • Ability to identify and mitigate vulnerabilities and explain how to avoid them
  • Comfortable with security for modern frameworks such as Vue.js
  • Experience with security of writing and consuming RESTful APIs
  • Experience with security at rest in relational and no-SQL databases
  • Experience with secure coding practices for languages such as Perl, Ruby, Shell -- bonus points for Lua
  • Understanding of static and dynamic analysis tools - and when to use them
  • Comfortable with git and Github workflows
  • Experience with test-driven development and automated testing
  • Excellent verbal and written communication skills
  • Bachelor's degree in Computer Science or equivalent work experience

Bonus Points:

  • Experience with Kong
  • Experience with Docker and Kubernetes

For more information about Kong, please visit https://konghq.com/ or follow @thekonginc on Twitter. 2019 Kong Summit Highlight Video

Kong Core Values:

Global - We work together from anywhere to achieve our common goals. Our differences make us stronger. We seek to understand different points of view and their implications on work.
Real - We are genuine, principled and confident without an attitude. We seek to understand our own strengths and vulnerabilities. We understand the effect of external factors on ourselves and we manage our own emotions and understand the effect they have on other people.
Unstoppable - We are biased towards action and decision, we persevere and always go the extra mile. We understand how to prioritize and work with urgency and focus. We are self-motivated and exhibit a high personal drive.
Champion - We listen and speak up for customers, community, partners and each other. We have an ability to provide feedback that is specific, constructive and fact-based. We listen, are able to receive feedback without taking it personally and we look at our own performance in order to improve.
Explorer - We challenge the status quo by discovering, innovating, failing fast and learning. We are self-directing and use creativity when solving problems that may be complex and ambiguous. We are adaptable, able to navigate and solve problems, especially in times of rapid change and high-ambiguity.

San Francisco
Job type
Visa sponsorship
Not Available

Kong at a glance

Next-Generation API Platform for Modern Architectures

Kong focuses on Enterprise Software, Cloud Computing, Information Services, Developer APIs, and Development Platforms. Their company has offices in San Francisco. They have a mid-size team that's between 51-200 employees. To date, Kong has raised $69.101M of funding; their latest round was closed on March 2019.

You can view their website at https://konghq.com/ or find them on Twitter and LinkedIn.

More jobs at Kong

View all jobs

Senior Site Reliability Engineer

Senior Full Stack Engineer - Enterprise Applications

Senior Software Engineer - Kubernetes (Remote)

Staff Engineer - Enterprise (Remote)

Staff Site Reliability Engineer