Senior Security Engineer, Insomnia

Join to apply for the Senior Security Engineer, Insomnia role at Kong Inc. This range is provided by Kong Inc. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more. Base pay range CA$144,780.00/yr - CA$202,825.00/yr Are you ready to power the World's connections? If you don’t think you meet all of the criteria below but are still interested in the job, please apply. Nobody checks every box - we’re looking for candidates that are particularly strong in a few areas, and have some interest and capabilities in others. About The Role As a Security Engineer specializing in Vulnerability Management and Testing, you will be critical in ensuring the security of Kong Insomnia. This role focuses on identifying, triaging, and closing vulnerabilities while leveraging advanced security engineering to build and update automated testing pipelines. You will bring expertise in automated security testing while remaining hands‑on in manual testing and validation processes. A key aspect of this role will involve researching and understanding all components of the Kong Insomnia platform, including the underlying technologies and dependencies. Binary analysis is a critical skill, and you will be expected to analyze and reverse‑engineer parts of the Kong Insomnia to uncover vulnerabilities and security weaknesses. Your contributions will directly impact the security of Kong’s products by integrating robust security measures into CI/CD pipelines, conducting in‑depth testing, and working closely with development teams to remediate vulnerabilities effectively and efficiently. What You’ll Do Perform comprehensive security testing and analysis: Automated and manual testing to uncover vulnerabilities. Static Analysis: Detect insecure coding patterns during development. Dynamic Application Security Testing (DAST): Identify runtime vulnerabilities such as XSS or SQL Injection. Fuzz Testing: Discover unknown vulnerabilities through randomized inputs. Dependency Analysis: Identify vulnerabilities in third‑party libraries and components. Environment Simulation and Sandboxing: Test software in isolated environments to simulate real‑world attacks. Vulnerability triage and management: prioritize, track, and collaborate for timely remediation. Manual testing and validation: conduct in‑depth manual testing, validate automated findings, provide remediation guidance. Develop automated testing pipelines: design, implement, and maintain pipelines using GitHub Actions, integrate security tools into CI/CD workflows. Act as primary security liaison with engineering teams, guiding secure coding practices and remediation strategies. Process development and metrics: establish workflows and monitor metrics for vulnerability management effectiveness. What You’ll Bring Hands‑on experience performing binary analysis to identify vulnerabilities and security weaknesses. Experience using debuggers (e.g., GDB, WinDbg) to analyze binaries. Expertise building and managing automated security testing pipelines in CI/CD workflows. Strong knowledge of static and dynamic application security testing tools and methodologies. Hands‑on experience conducting manual security testing, including penetration testing and vulnerability validation. Proficiency in TypeScript/JavaScript. Experience working with development teams to remediate vulnerabilities and ensure secure software delivery. Familiarity with secure coding practices and common vulnerabilities (e.g., OWASP Top 10, CWE/SANS Top 25). Knowledge of modern security frameworks such as MITRE ATT&CK and NIST CSF. Preferred Qualifications Experience with desktop applications. Proven ability to automate complex security testing workflows. Published tools or research related to security testing or vulnerability management. Personal Characteristics Proactive and detail‑oriented, driven to deliver secure solutions. Effective communicator, articulating security issues and remediation strategies. Collaborative and adaptable, thriving in fast‑paced, cross‑functional environments. Upcoming Projects Automated Testing Pipeline Development: design and implement workflow in GitHub Actions. Vulnerability Lifecycle Management: establish frameworks for tracking and closing vulnerabilities across Kong Gateway. Hands‑on Security Testing: conduct manual penetration tests and validate automated findings. Collaboration with Development Teams: remediate vulnerabilities and improve secure development practices. Continuous Improvement of Testing Tools: evaluate and integrate cutting‑edge tools and methodologies. By joining Kong Inc., you will combine your expertise in vulnerability management, security engineering, and hands‑on testing to ensure the security and reliability of our leading cloud‑native API management platform. If you’re ready to take ownership of testing and remediation processes while driving innovation in secure software development, we’d love to hear from you About Kong Kong Inc., a leading developer of cloud API technologies, is on a mission to enable companies around the world to become “API‑first” and securely accelerate AI adoption. Kong helps organizations globally— from startups to Fortune 500 enterprises—unleash developer productivity, build securely, and accelerate time to market. For more information about Kong, please visit www.konghq.com or follow us on X @thekonginc. Seniority Level Mid‑Senior level Employment Type Full‑time Job Function Information Technology Industry Software Development Referrals increase your chances of interviewing at Kong Inc. by 2x #J-18808-Ljbffr