Product Security Architect

At Gong, we're transforming customer-facing roles with our machine-learning software that understands conversations, guides sales professionals, offers coaching, automates tasks, and helps prioritize activities. 

We are seeking a Product Security Architect to impact our R&D processes significantly. If you have a strong technical and security background and are excited to join a fast-growing team, we'd love to meet you!

In this role, you'll ensure our ML/AI platform remains secure while driving innovation within our research team.

As a Product Security Architect, you will: 

• Design secure systems and conduct threat modeling for new and existing features.
• Review, identify and mitigate security risks in architecture, applications, and infrastructure levels.
• Perform regular security assessments and audits to identify vulnerabilities and ensure compliance with security standards.
• Develop, maintain, and audit information security policies and guidelines.
• Actively influence the product and services roadmap and security implementation.
• Continually improve Secure Development Lifecycle (SDLC) practices within R&D and Product units.
• Integrate security best practices into CI/CD pipelines and development workflows.
• Ensure the effectiveness of processes and controls to meet multiple standards, regulations, and audits, such as ISO27001, PCI-DSS, and more.
• Provide guidance and mentorship to development teams on secure coding practices and security principles.
• Collaborate with cross-functional teams, including developers, product managers, DevOps and more, to ensure security is integrated into all aspects of the R&D.
• Communicate security risks and recommendations to technical and non-technical stakeholders effectively.
• Review new tools and processes to detect security threats.
• For management review, generate regular reports on security posture, vulnerabilities, and compliance status.

You should apply if you have:

• 8+ years of experience in Information Security.
• Extensive experience in designing, implementing, and managing security architectures for complex applications.
• Deep understanding of application security principles, frameworks, and standards (e.g., OWASP, NIST).
• Strong knowledge of authentication, authorization, encryption, and other security protocols.
• Hands-on experience designing and building secure web/mobile applications, systems, or networks.
• Familiarity with security methodologies and industry standards (e.g., ISO27001, PCI-DSS, GDPR).
• Proficiency in secure software development practices, including Secure Software Development Life Cycle (SSDLC) and DevSecOps practices.
• Experience securing Cloud environments (AWS, GCP, and/or Azure) and networks.
• Ability to conduct risk assessments, threat modeling, and vulnerability assessments.
• Experience in conducting security reviews, code audits, and threat modeling during the development process.
• Excellent communication skills, both written and verbal, to effectively convey security concepts to technical and non-technical stakeholders.
• Proven leadership skills with the ability to mentor and guide security team members.
• Strong collaboration skills to work with cross-functional teams, including developers, product managers, and DevOps.

 

What makes the Security department at Gong unique? 

Here at Gong, we trust and empower our employees with ownership to solve complex problems, make the right decisions, and build the best products that create radical impact. We call it “Own. Solve. Impact.” 

Our security team is at the forefront of a monumental shift in implementing processes. Instead of simply saying "no," we embrace the mindset of "let's explore how we can make it work." Our security team brings a wealth of backgrounds, experience, and wisdom to the table. Which means that age comes before security, or is it the other way around?

If you are curious to discover Gong's wonderful and challenging world, what are you waiting for? Don’t delay - fill in your application details. Who knows, maybe there’s a Gongster in you!

About us 

Gong unlocks reality to help people and companies reach their full potential. The patented Gong Reality Platform™ empowers companies to take advantage of their most valuable assets – customer interactions, which the Gong platform automatically captures and analyzes. Gong then delivers insights at scale, empowering revenue and go-to-market teams to determine the best actions for winning outcomes.

Here at Gong, we encourage our employees to express their personality and identity (whether gender, ethnic, religious, or sexual), and we ensure fairness and equal opportunities. We follow a hybrid working model that combines working from home, on the go, or at the office. This allows us: flexibility, autonomy, positive work relationships, and effective work habits.

If these considerations are important to you when choosing a work place, we'd love to see you with us.

To review Gong's privacy policy, visit  www.gong.io/privacy-policy/ for more details.

#LI-IS1

•

Last updated on Aug 16, 2024