Expoint - all jobs in one place

Finding the best job has never been easier

Limitless High-tech career opportunities - Expoint

Gong Product Security Architect 
Israel, Tel Aviv District, Tel Aviv-Yafo 
994854360

04.08.2024

In this role, you'll ensure our ML/AI platform remains secure while driving innovation within our research team.

As a Product Security Architect, you will:

  • Design secure systems and conduct threat modeling for new and existing features.
  • Review, identify and mitigate security risks in architecture, applications, and infrastructure levels.
  • Perform regular security assessments and audits to identify vulnerabilities and ensure compliance with security standards.
  • Develop, maintain, and audit information security policies and guidelines.
  • Actively influence the product and services roadmap and security implementation.
  • Continually improve Secure Development Lifecycle (SDLC) practices within R&D and Product units.
  • Integrate security best practices into CI/CD pipelines and development workflows.
  • Ensure the effectiveness of processes and controls to meet multiple standards, regulations, and audits, such as ISO27001, PCI-DSS, and more.
  • Provide guidance and mentorship to development teams on secure coding practices and security principles.
  • Collaborate with cross-functional teams, including developers, product managers, DevOps and more, to ensure security is integrated into all aspects of the R&D.
  • Communicate security risks and recommendations to technical and non-technical stakeholders effectively.
  • Review new tools and processes to detect security threats.
  • For management review, generate regular reports on security posture, vulnerabilities, and compliance status.

You should apply if you have:

  • 8+ years of experience in Information Security.
  • Extensive experience in designing, implementing, and managing security architectures for complex applications.
  • Deep understanding of application security principles, frameworks, and standards (e.g., OWASP, NIST).
  • Strong knowledge of authentication, authorization, encryption, and other security protocols.
  • Hands-on experience designing and building secure web/mobile applications, systems, or networks.
  • Familiarity with security methodologies and industry standards (e.g., ISO27001, PCI-DSS, GDPR).
  • Proficiency in secure software development practices, including Secure Software Development Life Cycle (SSDLC) and DevSecOps practices.
  • Experience securing Cloud environments (AWS, GCP, and/or Azure) and networks.
  • Ability to conduct risk assessments, threat modeling, and vulnerability assessments.
  • Experience in conducting security reviews, code audits, and threat modeling during the development process.
  • Excellent communication skills, both written and verbal, to effectively convey security concepts to technical and non-technical stakeholders.
  • Proven leadership skills with the ability to mentor and guide security team members.
  • Strong collaboration skills to work with cross-functional teams, including developers, product managers, and DevOps.

for more details.