• Support the design and configuration of enterprise information systems in alignment with security standards and requirements • Review and improve the security posture • Review new and existing system security plans • Participate in architecture reviews • Create and refine threat models • Offer technical guidance to minimize security risks • Oversee the execution of cybersecurity initiatives • Collaborate with other teams and serve as a subject matter expert while adhering to best security practices

• Ensure the security and safety of all business information, both at rest and in transit. • Work with Policy and Compliance to build and maintain IT networks and systems that adhere to government/contractual requirements. • Partner with engineering and DevOps on secure architecture. • Partner with Compliance and Legal on regulatory requirements. • Manage Vulnerability review and work with IT operations to regularly perform internal and external scans and audits and fix any identified issues to ensure IT security. • Manage Infrastructure Security. • Enhance and maintain the current network per IT policy. • Analyze security breaches to determine root cause, then mitigate any discovered issues. • Participate in architecture reviews and provide security approvals. • Manage security incident policy and response plan execution. • Provide quarterly and security assessment reviews. • Conduct all 3rd party vendor security assessment. • Manage and maintain perimeter defense systems (firewalls, VPN tunnels, etc.). • Maintain and administer security awareness training curriculum for employees. • Lead certification efforts for SOC 2, SOX ITGC Audits. • Work cross-functionally within the company to fulfill security requirements.

• Lead and manage Kong Cybersecurity Programs across OCISO • Establish, develop and track KPIs • Collaborate with engineering, product, and business stakeholders to define, prioritize, and deliver technical solutions. • Present complex technical challenges and resolutions to leadership and stakeholders. • Stay current on regulatory and industry standards (for example, ISO 27001, PCI-DSS, FedRAMP, NIST 800-53) to inform risk and control strategies. • Build strategies for issue and risk mitigation, contingency planning, and compliance adherence. • Demonstrate ownership and autonomy in managing programs and delivering high-quality results.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description The Lead Penetration Tester is an experienced offensive security professional who reports directly to the Director of Offensive Security. In this client-facing role, you will lead and execute penetration testing engagements for MSSP customers, serve as an escalation point for other penetration testers, and help ensure high-quality, defensible deliverables across the team. - Lead and execute penetration tests primarily across web applications, external APIs, and networks, performing manual testing, exploitation, and validation beyond automated scanning. - Serve as the primary escalation point for other penetration testers to unblock investigations, validate exploitation paths, and review findings for accuracy and consistency. - Conduct scoping calls with customers, confirm rules of engagement, and manage the pentest lifecycle. - Present findings to engineering teams and executive stakeholders, translating technical issues into remediation priorities. - Contribute to internal offensive security tooling, playbooks, templates, and scripts. Qualifications - Minimum 2 years of verifiable experience as a professional penetration tester in a full-time role. - Direct experience in pentesting web applications, external web APIs, and networks. - Experience in one or more of the following categories: - Mobile Applications - Cloud Infrastructures (AWS, Azure, GCP) - GenAI/ML - Desktop (Thick Client) Applications - Vishing/Phishing - Secure Code Reviews - Strong exploitation and validation skills with technical abilities above verifying scan results. - Ability to produce clear and precise penetration test reports with reproducible steps and screenshots of evidence to provide practical remediation guidance effectively with customers. - Ability to mentor and uplift other Offensive Security team members through technical guidance, review, and structured feedback. - Must be currently based in the United States. No sponsorship available for this position. Benefits - Supportive leadership and a clear growth path - 100% of employee medical premiums are covered by the employer and discounted family insurance options - Dental and Vision Benefits - PTO and Sick Time + 11 paid Holidays - 401K retirement option with company match - Company-paid Life Insurance - Annual Subscription to TalkSpace (online counseling & therapy service)