Product Security Architect - Remote

Overview

At Gong, we're transforming customer-facing roles with our machine-learning software that understands conversations, guides sales professionals, offers coaching, automates tasks, and helps prioritize activities. We are seeking a Product Security Architect to impact our R&D processes significantly. If you have a strong technical and security background and are excited to join a fast-growing team, we'd love to meet you! In this role, you'll ensure our ML/AI platform remains secure while driving innovation within our research team.

In Short

• Design secure systems and conduct threat modeling for new and existing features.
• Review, identify and mitigate security risks in architecture, applications, and infrastructure levels.
• Perform regular security assessments and audits to identify vulnerabilities and ensure compliance with security standards.
• Develop, maintain, and audit information security policies and guidelines.
• Actively influence the product and services roadmap and security implementation.
• Continually improve Secure Development Lifecycle (SDLC) practices within R&D and Product units.
• Integrate security best practices into CI/CD pipelines and development workflows.
• Ensure the effectiveness of processes and controls to meet multiple standards, regulations, and audits, such as ISO27001, PCI-DSS, and more.
• Provide guidance and mentorship to development teams on secure coding practices and security principles.
• Collaborate with cross-functional teams, including developers, product managers, DevOps and more, to ensure security is integrated into all aspects of the R&D.
• Communicate security risks and recommendations to technical and non-technical stakeholders effectively.
• Review new tools and processes to detect security threats.
• For management review, generate regular reports on security posture, vulnerabilities, and compliance status.

Requirements

• 8+ years of experience in Information Security.
• Extensive experience in designing, implementing, and managing security architectures for complex applications.
• Deep understanding of application security principles, frameworks, and standards (e.g., OWASP, NIST).
• Strong knowledge of authentication, authorization, encryption, and other security protocols.
• Hands-on experience designing and building secure web/mobile applications, systems, or networks.
• Familiarity with security methodologies and industry standards (e.g., ISO27001, PCI-DSS, GDPR).
• Proficiency in secure software development practices, including Secure Software Development Life Cycle (SSDLC) and DevSecOps practices.
• Experience securing Cloud environments (AWS, GCP, and/or Azure) and networks.
• Ability to conduct risk assessments, threat modeling, and vulnerability assessments.
• Experience in conducting security reviews, code audits, and threat modeling during the development process.
• Excellent communication skills, both written and verbal, to effectively convey security concepts to technical and non-technical stakeholders.
• Proven leadership skills with the ability to mentor and guide security team members.
• Strong collaboration skills to work with cross-functional teams, including developers, product managers, and DevOps.

Benefits

• Empowerment and ownership to solve complex problems.
• Flexibility in working arrangements (hybrid model).
• Positive work relationships and effective work habits.
• Encouragement of personality and identity expression.
• Equal opportunities and fairness in the workplace.