Senior Security Engineer, Application Security
Trail of BitsSalary not specified
Full Time
Senior (5 to 8 years)
Not SpecifiedCompensation
Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
Technology, Cloud Native, API ManagementIndustries
Requirements
- Expertise in automated security testing and hands-on manual testing and validation
- Ability to research and understand all components of the Kong Insomnia platform, including underlying technologies and dependencies
- Proficiency in binary analysis and reverse-engineering parts of Kong Insomnia to uncover vulnerabilities and security weaknesses
Responsibilities
- Perform Comprehensive Security Testing and Analysis:
- Static Analysis using tools like GitHub Advanced Security (CodeQL), SonarCloud, Checkmarx CLI
- Dynamic Application Security Testing (DAST) using tools like OWASP ZAP CLI Runner, Burp Suite
- Fuzz Testing using tools like ClusterFuzzLite, libFuzzer
- Dependency Analysis using tools like Dependabot, Snyk CLI, OWASP Dependency-Check
- Environment Simulation and Sandboxing using tools like Docker, Minikube, Cuckoo Sandbox
- Conduct Vulnerability Triage and Management: Identify, prioritize, and track vulnerabilities from multiple sources; collaborate with development teams for timely remediation
- Perform Manual Testing and Validation: Conduct in-depth manual testing for vulnerabilities not covered by automation, validate automated findings, provide detailed remediation guidance
- Work with Security Engineering to develop Automated Testing Pipelines: Design, implement, and maintain pipelines using GitHub Actions; integrate tools into CI/CD workflows; automate vulnerability identification, tracking, and validation
- Collaborate with Development Teams: Act as primary security liaison, guide secure coding practices and remediation strategies, review and approve remediation actions
- Process Development and Metrics: Establish workflows for vulnerability triage, testing, and closure; develop and monitor metrics for vulnerability management effectiveness and efficiency
Skills
Key technologies and capabilities for this role
Questions & Answers
Common questions about this position
What is the salary for this Senior Security Engineer position?
This information is not specified in the job description.
Is this a remote position or what is the location requirement?
This information is not specified in the job description.
What key skills are required for this Security Engineer role?
Key skills include binary analysis, reverse-engineering, automated security testing (static analysis, DAST, fuzz testing, dependency analysis), manual testing, and vulnerability triage using tools like CodeQL, OWASP ZAP, ClusterFuzzLite, Dependabot, Docker, and others.
What is the company culture like at Kong?
Kong cultivates a workplace that celebrates diversity and fosters inclusion, where every team member is instrumental in driving success and impacting millions.
What makes a strong candidate for this role?
A strong candidate has expertise in vulnerability management, automated and manual security testing, binary analysis, reverse-engineering, and integrating security into CI/CD pipelines, with hands-on experience using tools like CodeQL, OWASP ZAP, and Docker.
Kong
API management and connectivity solutions provider
About Kong
Kong focuses on API management and connectivity, providing tools that help businesses manage, secure, and optimize their APIs for software communication. Its main product, Kong Gateway, is a fast API gateway that can handle up to 50,000 transactions per second, while Kong Konnect offers a SaaS platform for API management and Kong Mesh manages microservices. Kong stands out by combining open-source technology with enterprise solutions, allowing free access to core features and offering premium services for businesses. The company's goal is to enhance developer productivity, security, and performance for a diverse range of clients in a rapidly growing market.
San Francisco, CaliforniaHeadquarters
2017Year Founded
$334.7MTotal Funding
SERIES_ECompany Stage
Data & Analytics, Enterprise SoftwareIndustries
501-1,000Employees
Benefits
Weekly Donut Chats
Home Office Stipend
Flexible Time Off & Dedicated Unplug Days
Virtual Events
Risks
AI-enhanced security threats pose significant risks to API security.
Low adoption of zero-trust architecture leaves APIs vulnerable to breaches.
Intensifying competition in AI API platforms may draw customers away from Kong.
Differentiation
Kong's API Gateway supports 50,000 transactions per second, ensuring high performance.
Kong offers a unique combination of open-source and enterprise-grade API solutions.
Kong Insomnia is the fastest-growing platform for building, testing, and debugging APIs.
Upsides
Kong raised $175M to enhance AI connectivity and expand its solutions.
Kong Insomnia surpassed 1 million users, indicating strong demand for its tools.
Kong's Premium Technology Partner Program fosters innovation and collaboration.
Related Jobs
RemoteRemoteSenior Security Engineer
BraceSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSenior Security Analyst, Vulnerability Management
VantaSalary not specified
RemoteLead Security Engineer
TimescaleSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSenior DevSecOps Engineer
OddballSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteFinancial Planning & Analysis Senior Analyst
48forty SolutionsSalary not specified
RemoteFunding Specialist
Forward FinancingSalary not specified
RemoteSoftware Engineer, CI/CD
VercelSalary not specified
- Full Time
- Junior (1 to 2 years)
RemoteSenior Penetration Tester
HumanaSalary not specified
RemoteSenior Application Security Engineer
M&T BankSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)