Gongio13d ago

Senior Product Security Engineer

Tel Avivsenior

Product Security EngineerCybersecurity

1 views0 saves0 applied

Apply Now

Quick Summary

Overview

Gong harnesses the power of AI to transform how revenue teams win. The Gong Revenue AI Operating System unifies data, insights, and workflows into a single, trusted system that observes, guides,

Technical Tools

Product Security EngineerCybersecurity

Gong harnesses the power of AI to transform how revenue teams win. The Gong Revenue AI Operating System unifies data, insights, and workflows into a single, trusted system that observes, guides, and acts alongside the world’s most successful revenue teams. Powered by the Gong Revenue Graph, AI-powered intelligence, specialized agents, and trusted applications, Gong helps more than 5,000 companies around the world deeply understand their teams and customers, automate critical sales workflows, and close more deals with less effort. For more information, visit www.gong.io.

At Gong, you will join a company built on innovative products, ambitious goals, and passionate people. We are shaping the future of revenue intelligence and we want people who are excited to build what comes next. You will work with a team that dreams big, moves fast, and cares deeply about the craft and about each other. Here, transparency and trust are core to how we operate, and every person has the opportunity to make a visible impact. If you want to grow, stretch, and do work that truly matters, Gong is the place to do the best work of your career.

At Gong, we’re transforming customer-facing teams with our AI-powered platform that understands conversations, guides sales professionals, and drives better business outcomes. Security and trust are foundational to everything we build.

As a Senior Product Security Engineer, you will help shape how security is built, not just how it is tested or reviewed. You’ll work closely with engineering teams to secure real systems in production, influencing how services, APIs, and data flows are implemented from the ground up.

This is a hands-on role, focused on solving real security problems across cloud-native architectures and AI-driven features. You’ll work directly with developers and DevOps, dive into systems when needed, and apply strong technical judgment to ensure security is built into the product, not added later.

A product where data sensitivity is real, not theoretical
Gong processes and analyzes customer conversations at scale, creating unique challenges around data protection, privacy, and access control.
AI is deeply embedded in the product
Security challenges extend beyond traditional AppSec into data handling, model behavior, and misuse scenarios.
Security is part of how we build, not a layer on top
The role operates within engineering workflows, focusing on building secure systems rather than enforcing external controls.
Meaningful scale and real production impact
You’ll work on systems that handle large volumes of data and traffic, where security decisions directly affect reliability and trust.
A culture that values practical, engineering-driven security
The focus is on solving real problems and enabling teams, not on process-heavy or compliance-driven approaches.
High ownership with room to grow
You’ll have the autonomy to take initiative, drive improvements, and expand your impact as the platform evolves.

Responsibilities

~1 min read

→Secure real product flows end-to-end - Work directly with engineers to identify and fix vulnerabilities across services, APIs, and data paths in production systems
→Drive secure-by-design practices in engineering - provide practical guidance on authentication, authorization, data protection, and service-to-service communication
→Secure cloud-native environments - strengthen identity (IAM), isolation, and access control across Kubernetes, containers, and cloud infrastructure
→Build and scale security in the development lifecycle - integrate and tune security tooling (SAST, SCA, IaC scanning, secrets detection) into CI/CD pipelines to improve signal and developer adoption
→Own vulnerability management as a system - prioritize risks, drive remediation with engineering teams, and eliminate recurring issues through root-cause fixes
→Strengthen software supply chain security - reduce risk across dependencies, third-party components, and build/release pipelines
→Secure AI/ML-driven features - partner with data and AI teams to mitigate risks such as data exposure, misuse, and model-related vulnerabilities
→Raise the security bar across engineering - mentor developers and help teams take ownership of security in their code and services
→Enable fast, informed decisions - clearly communicate risks and trade-offs to support product and engineering velocity

5+ years of experience in Product Security, Application Security, or a similar hands-on security engineering role
Proven experience working closely with engineering teams on real systems in production, not just assessments
Strong understanding of secure design and threat modeling, with the ability to influence architecture decisions
Deep knowledge of application security principles (OWASP Top 10 and beyond), including modern attack vectors
Hands-on experience securing web applications, APIs, and distributed systems
Strong experience with cloud environments (AWS, GCP, and/or Azure), including identity and access management (IAM)
Familiarity with Kubernetes, containers, and cloud-native architectures
Experience integrating security into CI/CD pipelines and improving developer workflows
Practical experience with security tooling (SAST, SCA, IaC scanning, secrets detection), including tuning and operationalizing
Experience working with modern development stacks (e.g., Java, Python, JavaScript/TypeScript, React or similar)
Strong problem-solving skills and the ability to analyze complex systems and prioritize meaningful risks
Ability to influence developers through technical credibility and practical guidance
Experience mentoring engineers and improving security practices across teams