HiTakeJob

Senior Director of Platform Security - Gong.io

  • Company: Gong.io
  • Location: Tel Aviv District, Israel
  • Technologies: AWS, Azure, CI/CD, Kubernetes, Python, Java

Job Description

  • The end-to-end security strategy across Application Security, Cloud (AWS/Azure), and Platform layers, ensuring a Secure-by-Default framework, as measured by deployment coverage, critical vulnerability reduction, and developer adoption metrics.
  • A unified Security Engineering organization covering AppSec, SecDevOps, and AI Security leadership, collaboration points with adjacent teams (Infrastructure, R&D, Product Engineering), and building and mentoring a high-performing team.
  • Lead our Platform Security domain - from Layer 7 protections to AWS architecture, security tooling, automated risk scoring, and AI-assisted automation workflows that improve detection and remediation times.
  • Security controls (WAF, Rate Limiting) embedded into the SDLC and CI/CD pipelines, including mandatory security gates, artifact scanning, and automated deployment checks.
  • Lead our AI strategy - enabling secure use in our platform products as well as for our internal engineering usage, and scaling AI security governance and controls.
  • The evolution of scalable infrastructure security, including Kubernetes, containers, IAM, and Zero Trust architectures, strengthening Kubernetes and cloud security posture.
  • Own and execute the comprehensive Vulnerability Management program, from discovery (SAST/DAST/OSS scanning) through remediation tracking, and manage the external Bug Bounty program, with a focus on improving remediation SLAs and automation coverage.
  • Mature secure-by-default engineering practices across the SDLC.
  • Increase developer adoption of automated security tooling.
  • Eliminating manual bottlenecks through code-driven guardrails and frictionless developer experiences.
  • Securing complex production systems and multi-tenant AI architectures in cloud-native production environments, with a focus on model integrity, training data provenance, data exfiltration prevention, and minimizing unique risks associated with Large Language Models (LLMs), by applying specific AI threat models.
  • Operationalizing Red/Purple Team exercises, penetration testing, and the Bug Bounty program to ensure a continuous feedback loop that drives proactive risk reduction.
  • Support a culture where security is embedded into the foundation of engineering.
  • Turn security into a strategic product advantage and customer trust differentiator.
  • Improve developer experience by making the secure path the easiest path.
  • Increase engineering velocity while strengthening platform resilience.
  • Shape the future intersection of Security, AI, and Platform Engineering.
  • Create scalable systems, processes, and relationships that grow with the company’s innovation pace.
  • An Experienced Leader: 10+ years in Security/Software Engineering with a track record of scaling departments in high-growth R&D environments.
  • A Technical Architect: Deep expertise in AWS/Kubernetes and modern platform security practices, Infrastructure-as-Code (Terraform/Crossplane), and secure coding (Java/Python/TypeScript).
  • A Systems Thinker: You have a proven track record of building security machines from the ground up, with a people-first mindset, technology, and process.

Your work ensures that as Gong defines the future of AI-driven revenue, we do so on the most secure and resilient platform in the industry, building customer trust and promoting responsible AI adoption.

