Gong Product Security Architect 

Israel, Tel Aviv District, Tel Aviv-Yafo 

994854360

In this role, you'll ensure our ML/AI platform remains secure while driving innovation within our research team.

As a Product Security Architect, you will:

• Design secure systems and conduct threat modeling for new and existing features.
• Review, identify and mitigate security risks in architecture, applications, and infrastructure levels.
• Perform regular security assessments and audits to identify vulnerabilities and ensure compliance with security standards.
• Develop, maintain, and audit information security policies and guidelines.
• Actively influence the product and services roadmap and security implementation.
• Continually improve Secure Development Lifecycle (SDLC) practices within R&D and Product units.
• Integrate security best practices into CI/CD pipelines and development workflows.
• Ensure the effectiveness of processes and controls to meet multiple standards, regulations, and audits, such as ISO27001, PCI-DSS, and more.
• Provide guidance and mentorship to development teams on secure coding practices and security principles.
• Collaborate with cross-functional teams, including developers, product managers, DevOps and more, to ensure security is integrated into all aspects of the R&D.
• Communicate security risks and recommendations to technical and non-technical stakeholders effectively.
• Review new tools and processes to detect security threats.
• For management review, generate regular reports on security posture, vulnerabilities, and compliance status.

You should apply if you have:

• 8+ years of experience in Information Security.
• Extensive experience in designing, implementing, and managing security architectures for complex applications.
• Deep understanding of application security principles, frameworks, and standards (e.g., OWASP, NIST).
• Strong knowledge of authentication, authorization, encryption, and other security protocols.
• Hands-on experience designing and building secure web/mobile applications, systems, or networks.
• Familiarity with security methodologies and industry standards (e.g., ISO27001, PCI-DSS, GDPR).
• Proficiency in secure software development practices, including Secure Software Development Life Cycle (SSDLC) and DevSecOps practices.
• Experience securing Cloud environments (AWS, GCP, and/or Azure) and networks.
• Ability to conduct risk assessments, threat modeling, and vulnerability assessments.
• Experience in conducting security reviews, code audits, and threat modeling during the development process.
• Excellent communication skills, both written and verbal, to effectively convey security concepts to technical and non-technical stakeholders.
• Proven leadership skills with the ability to mentor and guide security team members.
• Strong collaboration skills to work with cross-functional teams, including developers, product managers, and DevOps.

for more details.