Senior Security Engineer, Insomnia at Kong

Toronto, Ontario, Canada

Compensation: Not Specified
Experience Level: Senior (5 to 8 years)
Job Type: Full Time
Visa: Unknown
Industries: Technology, Cloud Native, API Management

Requirements

  • Expertise in automated security testing and hands-on manual testing and validation
  • Ability to research and understand all components of the Kong Insomnia platform, including underlying technologies and dependencies
  • Proficiency in binary analysis and reverse-engineering parts of Kong Insomnia to uncover vulnerabilities and security weaknesses

Responsibilities

  • Perform Comprehensive Security Testing and Analysis:
      • Static Analysis using tools like GitHub Advanced Security (CodeQL), SonarCloud, Checkmarx CLI
      • Dynamic Application Security Testing (DAST) using tools like OWASP ZAP CLI Runner, Burp Suite
      • Fuzz Testing using tools like ClusterFuzzLite, libFuzzer
      • Dependency Analysis using tools like Dependabot, Snyk CLI, OWASP Dependency-Check
      • Environment Simulation and Sandboxing using tools like Docker, Minikube, Cuckoo Sandbox
  • Conduct Vulnerability Triage and Management: Identify, prioritize, and track vulnerabilities from multiple sources; collaborate with development teams for timely remediation
  • Perform Manual Testing and Validation: Conduct in-depth manual testing for vulnerabilities not covered by automation, validate automated findings, provide detailed remediation guidance
  • Work with Security Engineering to develop Automated Testing Pipelines: Design, implement, and maintain pipelines using GitHub Actions; integrate tools into CI/CD workflows; automate vulnerability identification, tracking, and validation
  • Collaborate with Development Teams: Act as primary security liaison, guide secure coding practices and remediation strategies, review and approve remediation actions
  • Process Development and Metrics: Establish workflows for vulnerability triage, testing, and closure; develop and monitor metrics for vulnerability management effectiveness and efficiency

Skills

CodeQL
SonarCloud
Checkmarx CLI
DAST
Static Analysis
Binary Analysis
Reverse Engineering
Vulnerability Management
CI/CD
Security Testing

Kong

API management and connectivity solutions provider

About Kong

Kong focuses on API management and connectivity, providing tools that help businesses manage, secure, and optimize their APIs for software communication. Its main product, Kong Gateway, is a fast API gateway that can handle up to 50,000 transactions per second, while Kong Konnect offers a SaaS platform for API management and Kong Mesh manages microservices. Kong stands out by combining open-source technology with enterprise solutions, allowing free access to core features and offering premium services for businesses. The company's goal is to enhance developer productivity, security, and performance for a diverse range of clients in a rapidly growing market.

Headquarters: San Francisco, California
Year Founded: 2017
Total Funding: $334.7M
Company Stage: Series E
Industries: Data & Analytics, Enterprise Software
Employees: 501-1,000

Benefits

Weekly Donut Chats
Home Office Stipend
Flexible Time Off & Dedicated Unplug Days
Virtual Events

Risks

AI-enhanced security threats pose significant risks to API security.
Low adoption of zero-trust architecture leaves APIs vulnerable to breaches.
Intensifying competition in AI API platforms may draw customers away from Kong.

Differentiation

Kong's API Gateway supports 50,000 transactions per second, ensuring high performance.
Kong offers a unique combination of open-source and enterprise-grade API solutions.
Kong Insomnia is the fastest-growing platform for building, testing, and debugging APIs.

Upsides

Kong raised $175M to enhance AI connectivity and expand its solutions.
Kong Insomnia surpassed 1 million users, indicating strong demand for its tools.
Kong's Premium Technology Partner Program fosters innovation and collaboration.
