Remote Senior Security Engineer, Insomnia

at Kong

Posted 1 day ago 1 applied

Description:

  • Kong Inc. is seeking a Senior Security Engineer specializing in Vulnerability Management and Testing to ensure the security of Kong Insomnia.
  • The role involves identifying, triaging, and closing vulnerabilities while leveraging advanced security engineering to build and update automated testing pipelines.
  • The engineer will research and understand all components of the Kong Insomnia platform, including underlying technologies and dependencies.
  • Binary analysis is a critical skill required for analyzing and reverse-engineering parts of Kong Insomnia to uncover vulnerabilities and security weaknesses.
  • Responsibilities include conducting comprehensive security testing and analysis, performing both automated and manual testing to uncover vulnerabilities, and collaborating with development teams for timely remediation.
  • The engineer will also develop automated testing pipelines, establish workflows for vulnerability triage, testing, and closure, and monitor metrics to measure the effectiveness of vulnerability management processes.

Requirements:

  • Candidates should have hands-on experience performing binary analysis to identify vulnerabilities and security weaknesses.
  • Direct experience using debuggers (e.g., GDB, WinDbg) to analyze binaries and investigate potential security flaws is required.
  • Expertise in building and managing automated security testing pipelines in CI/CD workflows is essential.
  • Strong knowledge of static and dynamic application security testing tools and methodologies is necessary.
  • Hands-on experience conducting manual security testing, including penetration testing and vulnerability validation, is required.
  • Proficiency in TypeScript/JavaScript is a must.
  • Experience working with development teams to remediate vulnerabilities and ensure secure software delivery is expected.
  • Familiarity with secure coding practices and common vulnerabilities (e.g., OWASP Top 10, CWE/SANS Top 25) is important.
  • Knowledge of modern security frameworks such as MITRE ATT&CK and NIST CSF is preferred.

Benefits:

  • Kong offers competitive compensation that varies based on location, role, skill set, and experience.
  • US-based employees typically have access to healthcare benefits, a 401(k) plan, short- and long-term disability benefits, and basic life and AD&D insurance.
  • The typical base pay range for this role in Canada is $144,780 to $202,825.
  • Employees are encouraged to be part of a diverse and inclusive workplace that values innovation and collaboration.