Product Security Architect

Gong transforms revenue organizations by harnessing customer interactions to increase business efficiency, improve decision-making and accelerate revenue growth. The Revenue Intelligence Platform uses proprietary artificial intelligence technology to enable teams to capture, understand and act on all customer interactions in a single, integrated platform. More than 4,000 companies around the world rely on Gong to support their go-to-market strategies and grow revenue efficiently. For more information, visit www.gong.io. 

We are seeking a Product Security Architect to impact our R&D processes significantly.

If you have a strong technical and security background and are excited to join a fast-growing team, we'd love to meet you! In this role, you'll ensure our ML/AI platform remains secure while driving innovation within our research team.

RESPONSIBILITIES 

• Design secure systems and conduct threat modeling for new and existing features.
  
• Review, identify and mitigate security risks in architecture, applications, and infrastructure levels.
  
• Perform regular security assessments and audits to identify vulnerabilities and ensure compliance with security standards.
  
• Develop, maintain, and audit information security policies and guidelines.
  
• Actively influence the product and services roadmap and security implementation.
  
• Continually improve Secure Development Lifecycle (SDLC) practices within R&D and Product units.
  
• Integrate security best practices into CI/CD pipelines and development workflows.
  
• Ensure the effectiveness of processes and controls to meet multiple standards, regulations, and audits, such as ISO27001, PCI-DSS, and more.
  
• Provide guidance and mentorship to development teams on secure coding practices and security principles.
  
• Collaborate with cross-functional teams, including developers, product managers, DevOps and more, to ensure security is integrated into all aspects of the R&D.
  
• Communicate security risks and recommendations to technical and non-technical stakeholders effectively.
  
• Review new tools and processes to detect security threats.
  
• For management review, generate regular reports on security posture, vulnerabilities, and compliance status.

QUALIFICATIONS 

• 8+ years of experience in Information Security.
  
• Extensive experience in designing, implementing, and managing security architectures for complex applications.
  
• Deep understanding of application security principles, frameworks, and standards (e.g., OWASP, NIST).
  
• Strong knowledge of authentication, authorization, encryption, and other security protocols.
  
• Hands-on experience designing and building secure web/mobile applications, systems, or networks.
  
• Familiarity with security methodologies and industry standards (e.g., ISO27001, PCI-DSS, GDPR).
  
• Proficiency in secure software development practices, including Secure Software Development Life Cycle (SSDLC) and DevSecOps practices.
  
• Experience securing Cloud environments (AWS, GCP, and/or Azure) and networks.
  
• Ability to conduct risk assessments, threat modeling, and vulnerability assessments.
  
• Experience in conducting security reviews, code audits, and threat modeling during the development process.
  
• Excellent communication skills, both written and verbal, to effectively convey security concepts to technical and non-technical stakeholders.
  
• Proven leadership skills with the ability to mentor and guide security team members.
  
• Strong collaboration skills to work with cross-functional teams, including developers, product managers, and DevOps.

PERKS & BENEFITS 

• Education & learning stipend to support your personal growth and development.
• Annual Leave / Paid Parental leave to support you and your family.
• Company-wide recharge days each quarter.
• Work from home allowance to help you succeed in a remote environment.

WHAT MAKES SECURITY AT GONG UNIQUE?

Here, at Gong, we trust and empower our employees with ownership to solve complex problems, make the right decisions and build the best products that create radical impact. We call it “Own. Solve. Impact.”

Our security team is at the forefront of a monumental shift in how we implement processes. Instead of simply saying "no," we embrace the mindset of "let's explore how we can make it work." Our security team brings a wealth of backgrounds, experience, and wisdom to the table. Which means that age comes before security, or is it the other way around?

If you are curious to discover Gong's wonderful and challenging world, what are you waiting for? Don’t delay - fill in your application details. Who knows, maybe there’s a Gongster in you!