Responsibilities
- Develop and deploy advanced web application firewall, intrusion detection, and intrusion prevention systems at the gateway layer to defend against common web vulnerabilities, emerging threats, and targeted API attacks.
- Create and integrate Zero Trust security frameworks that function consistently across on-premises and multiple cloud platforms, including AWS, Azure, and GCP.
- Collaborate with product and architecture teams to shape a long-term security strategy for the core gateway platform, aligning open-source community needs with enterprise demands.
- Manage responses to intricate security incidents, including vulnerabilities in third-party software components and urgent patches for critical CVEs.
- Promote a security-first mindset by guiding development teams in secure coding techniques and advancing the organization’s overall cybersecurity posture.
Responsibilities
- Architect and implement next-generation WAF, IDS, and IPS capabilities at the gateway level to protect against OWASP Top 10, zero-day exploits, and sophisticated API abuse.
- Design and implement "Zero Trust" security models that operate seamlessly across hybrid and multi-cloud environments (AWS, Azure, GCP, On-prem).
- Partner with Product and Architecture leads to define the multi-year security roadmap for Kong Gateway, balancing the needs of the OSS community with Enterprise requirements.
- Lead the response to complex, multi-faceted security challenges—from supply chain vulnerabilities in open-source dependencies to high-stakes CVE remediations.
- Champion a "Security-First" culture by mentoring engineers on secure coding practices and influencing the long-term cybersecurity maturity of the entire organization.