Are you ready to power the World's connections?If you don’t think you meet all of the criteria below but are still interested in the job, please apply. Nobody checks every box - we’re looking for candidates that are particularly strong in a few areas, and have some interest and capabilities in others.About the RoleWe’re hiring our first in-house Penetration Tester to help us proactively identify and mitigate security risks across Kong’s products, infrastructure, and internal systems. This is a high-impact role where you’ll help define how offensive security is done at Kong.As Kong’s first dedicated Penetration Tester, you’ll work closely with our Security, Platform, and Engineering teams to continuously test, challenge, and improve the security of our products and services.You’ll conduct hands-on offensive security assessments, partner with engineers to remediate findings, and help establish scalable, repeatable security testing practices across a modern, cloud-native, open-source environment.This role blends deep technical testing, strong collaboration, and real influence on how security is embedded into our engineering culture.What You’ll Be DoingPerform penetration testing across:Web applications, APIs, and microservicesCloud infrastructure and Kubernetes environmentsCI/CD pipelines and internal toolingIdentify, exploit, and clearly document security vulnerabilities and misconfigurationsWork closely with engineering teams to validate findings, prioritize risk and support remediation efforts.Design and improve internal processes for continuous security testing, secure development practices and threat modeling and attack simulationSupport third-party security assessments, bug bounty programs, and compliance effortsHelp educate engineers on common attack vectors and defensive best practicesContribute to building a strong, security-first culture across Kong.What You’ll BringProven experience in penetration testing, offensive security, or red teamingStrong understanding of:Web application and API security (OWASP Top 10)Authentication, authorization, and identity systemsCloud security concepts and shared responsibility modelsHands-on experience testing modern, cloud-native systemsAbility to clearly communicate security findings to technical and non-technical audiencesA pragmatic mindset: focused on real risk reduction, not just theoretical issuesCuriosity, ownership, and comfort working in a fast-moving, engineering-driven environmentBonus PointsExperience testing API gateways, service meshes, or distributed systemsFamiliarity with Kubernetes and container securityExperience with open-source security tools or contributing to open-source projectsBug bounty participation or published researchExperience working in a SaaS or enterprise software companyAbout Kong: Kong Inc., a leading developer of cloud API technologies, is on a mission to enable companies around the world to become “API-first” and securely accelerate AI adoption. Kong helps organizations globally — from startups to Fortune 500 enterprises — unleash developer productivity, build securely, and accelerate time to market. For more information about Kong, please visit www.konghq.com or follow us on X @thekonginc.