
Kong • Milan, Lombardy, Italy
Role & seniority
Stack/tools
Web apps, APIs, microservices
Cloud infrastructure, Kubernetes
CI/CD pipelines and internal tooling
Open-source security practices; cloud-native environment
Documentation of findings and risk
Top 3 responsibilities
Conduct hands-on penetration testing across web apps, APIs, microservices, cloud/Kubernetes, and CI/CD tooling
Identify vulnerabilities, clearly document findings, and work with engineering to validate risk and support remediation
Design and improve internal security testing processes, threat modeling, attack simulations, and security education; support third-party assessments and bug bounty programs
Must-have skills
Proven experience in penetration testing, offensive security, or red teaming
Strong knowledge of web security (OWASP Top 10), authentication/authorization, and identity systems
Cloud security concepts and testing of cloud-native systems
Ability to clearly communicate findings to technical and non-technical audiences
Pragmatic, risk-reduction focus; ownership and ability to operate in a fast-moving, engineering-driven environment
Nice-to-haves
Experience testing API gateways, service meshes, or distributed systems
Kubernetes and container security
Open-source security tools or contributions; bug bounty/public research
Prior experience in SaaS or enterprise software environments
Location & work type
Location: not specified
Are you ready to power the World's connections?
If you don’t think you meet all of the criteria below but are still interested in the job, please apply. Nobody checks every box - we’re looking for candidates that are particularly strong in a few areas, and have some interest and capabilities in others.
About the Role
We’re hiring our first in-house Penetration Tester to help us proactively identify and mitigate security risks across Kong’s products, infrastructure, and internal systems. This is a high-impact role where you’ll help define how offensive security is done at Kong.
As Kong’s first dedicated Penetration Tester, you’ll work closely with our Security, Platform, and Engineering teams to continuously test, challenge, and improve the security of our products and services. You’ll conduct hands-on offensive security assessments, partner with engineers to remediate findings, and help establish scalable, repeatable security testing practices across a modern, cloud-native, open-source environment.
This role blends deep technical testing, strong collaboration, and real influence on how security is embedded into our engineering culture.
What You’ll Be Doing
A pragmatic mindset: focused on real risk reduction, not just theoretical issues
Curiosity, ownership, and comfort working in a fast-moving, engineering-driven environment
Bonus Points
Experience testing API gateways, service meshes, or distributed systems
Familiarity with Kubernetes and container security
Experience with open-source security tools or contributing to open-source projects
Bug bounty participation or published research
Experience working in a SaaS or enterprise software company