Security Engineer Lead

Distributed or Flexible / Engineering – Engineering / Full-time
Are you ready to join the API revolution?

Kong is an open-source project with global adoption. Developers and architects are adopting Kong in production across a large variety of use cases, and actively help make Kong a better product with their feedback and contributions.

We’re looking for a Lead Security Engineer to lead Kong’s Security practice by working with Kong’s Engineering and Product teams to think about and act on security challenges throughout all phases of development. You will have a major impact on the overall direction of security at Kong and will help design and drive new features to enhance the security of the Kong platform. You will help to define and drive Kong’s “security first” mindset by working with development teams to develop world-class security practices.

What you’ll be doing:

    • You’ll be a player-coach and advise Kong’s development teams on all aspects of security
    • Develop and drive Kong’s security requirements and security guidelines
    • Ensure compliance with infrastructure security requirements for cloud and infrastructure operating environments
    • Manage all inbound reported security questions or issues, and create and distribute incident response documentation
    • Execute security risk analysis and vulnerability checks for Kong’s cloud and infrastructure environments
    • Work with Kong Engineering teams to design and validate infrastructure security that provides minimal security risk and appropriate security controls
    • Work with Kong’s Legal and Field teams to address incoming inquiries regarding Kong’s Security practices.
    • Research security standards and security technology for new technology trends
    • Improve the security review process
    • Continue to foster our security mindset among our development teams and throughout Kong.

What you’ll bring:

    • 5-7 years in security (or security-related development), specifically advising engineering teams and developing security practices.
    • Ability to identify and mitigate vulnerabilities and explain how to avoid them
    • Comfortable with security for modern frameworks such as Vue.js
    • Experience with security of writing and consuming RESTful APIs
    • Experience with security at rest in relational and NoSQL databases
    • Experience with secure coding practices for languages such as Perl, Ruby, Shell -- bonus points for Lua
    • Understanding of static and dynamic analysis tools - and when to use them
    • Comfortable with Git and GitHub workflows
    • Experience with test-driven development and automated testing
    • Excellent verbal and written communication skills
    • Bachelor's degree in Computer Science or equivalent work experience

Bonus Points:

    • Experience with Kong
    • Experience with Docker and Kubernetes