Application Security Engineer
Security - Tel Aviv
Gong is one of Israel’s most valued private software companies. Our solution uses machine learning and AI to automate big parts of customer-facing roles. Over 2000 innovative companies like Zillow, Slack, PayPal, Twilio, Shopify, Hubspot, SproutSocial, Zoominfo, Outreach, MuleSoft, and LinkedIn trust Gong to power their customer reality.
At Gong, we’re building new-generation, machine-learning based software that automates big parts of customer-facing roles by “understanding” their conversations and related work.
Our solution guides sales professionals, coaches them on how to become better, performs tasks for them, and directs them to the best actions.
We are seeking an experienced Application Security Engineer to help grow our application program.
If you're excited to join a fast-growing team and have a direct impact on a platform used by some of the biggest names in tech, we want to meet you!
In this position, you will support the efforts to ensure that the ML/AI-based dreams that our customers love stay secure in reality, as we have done before, and continue to foster new innovation with our research team to dream even bigger.
Gong is uniquely positioned to gain value from true ML/AI-based capabilities to drastically improve our value to our customers, and create a real differentiated advantage over the competition. We don’t mix the AI/ML powder and hope for the best. We do it for real.
Your day to day will be:
- Working with the engineering team to ensure we have a comprehensive secure software development life cycle program
- Manage code scanning tools
- Assist with threat models with the developers and architecture teams
- Help create engaging secure code awareness training
- Understand what features the team should prioritize from a product security perspective.
- 5+ years of application security experience
- Threat modeling in a cloud environment
- In-depth knowledge of Secure SDLC
- AWS Experience - a must
- Familiarity with attack frameworks and mitigation
- Experience with DAST and SAST
- Experience with application security testing tools such as Burp Suite, Tenable, sqlmap, Nmap or Metasploit.
- Understanding and identification of the OWASP Top 10 vulnerabilities