Staff Security Engineer, Cloud Security
Ready to secure the connections that power the world?
At Kong, we're building the infrastructure that powers the agentic era, trusted by Fortune 500 companies and innovative startups alike. As a Staff Security Engineer, you won't just be an individual contributor; you'll be a pivotal technical security lead, shaping the defense of the world's most popular API gateway.
If you don’t think you meet every single criterion below but are still excited by the opportunity, we strongly encourage you to apply. We believe in building diverse teams and know that the best candidates often bring a unique blend of strengths and capabilities.
The Mission:
As a Staff Security Engineer focusing on Cloud Security, you will leverage your deep expertise in high-performance networking and distributed systems to architect and evolve the security posture of the Kong Cloud. This isn't just about maintaining; it's about innovating—specifically by harnessing the power of Open Source (OSS) and building state-of-the-art network and application security solutions that safeguard critical connections at global scale.
What You'll Do: Drive Cloud Security Operations: Act as the lead subject matter expert, guiding and optimizing security operations across the Kong Cloud. What You'll Bring: Extensive Experience: 8+ years in Cybersecurity Engineering, with a proven focus on high-traffic infrastructure or API management. About Kong:
Pioneer Threat Defense: Architect, implement, and innovate next-generation WAF, IDS, and IPS capabilities at the gateway level, providing robust protection against OWASP Top 10, zero-day exploits, and sophisticated API abuse.
Engineer Multi-Cloud Resilience: Design and deploy cutting-edge "Zero Trust" security models that operate seamlessly across complex hybrid and multi-cloud environments (AWS, Azure, GCP, On-prem).
Shape the Strategic Roadmap: Collaborate closely with Product and Architecture leads to define the multi-year security roadmap for Kong Gateway, balancing the unique needs of our thriving OSS community with enterprise-grade requirements.
Lead Incident Resolution: Take charge in responding to complex, high-stakes security challenges, from mitigating supply chain vulnerabilities in open-source dependencies to leading critical CVE remediations.
Cultivate a Security-First Culture: Champion secure practices by mentoring engineers on secure coding and architecture, influencing the long-term cybersecurity maturity and mindset across the entire organization.
Gateway Mastery: Extensive hands-on experience with Kong Gateway, Nginx, eBPF, or similar high-performance networking technologies.
Cloud-Native & Multi-Cloud Expertise: Expert-level knowledge in designing and securing solutions across disparate cloud providers and sophisticated Kubernetes environments.
Advanced Security Domain Specialist: A demonstrated track record in architecting, deploying, and managing WAF, IDS, and IPS systems at scale, with a nuanced understanding of both signature-based and advanced ML-based detection methodologies.
Programming Proficiency: Strong command of Python, Go, or Rust for security tool development and automation.
Open Source Contributor: Experience contributing to or maintaining open-source security projects is a significant asset and highly valued.
Design Excellence: The ability to produce high-quality, high-performance security designs that uphold Kong’s promise of "millisecond-latency" without compromise.
Kong Inc. is the leading developer of API and AI connectivity technologies, building the infrastructure that powers the agentic era. Trusted by the Fortune 500 and innovative startups alike, Kong's unified API and AI platform, Kong Konnect, empowers organizations to secure, manage, accelerate, govern, and monetize the flow of intelligence across APIs and AI models. For more information, visit www.konghq.com.