At Gong , we’re building new-generation (machine learning based) software that automates big parts of customer-facing roles by “understanding” their conversations and related work.
Gong is a well-funded high-growth start-up, which proudly serves hundreds of customers, including Facebook, Salesforce, LinkedIn, ADP, Intercom, Drift, HubSpot and more.
Our solution guides people: coaches them how to become better, performs tasks for them, and directs them as to best actions.
As a DevSecOps, you’ll play a key role in securing, defining, and optimizing our rapidly expanding cloud infrastructure.
You will be part of our DevOps team, which pairs CI/CD cloud infrastructure expertise with a special focus on security-related fields, and your role will include:
· Securing our growing fleet of cloud services
· Providing guidance for security and architecture of new services
· Supporting our monitoring and alerting systems
· Developing threat-detection strategies to identify potential attacks
· Automating all aspects of the deployment of security controls
· Leading and serving as a focal point for security and compliance-related queries and strategies
- 3+ years of experience in equivalent information security.
- Ability to identify common security risks in the cloud and formulate and execute security strategies.
- Experience configuring and securing web applications, cryptography, including WAF and DDoS mitigation strategies.
- Scripting skills, preferably in Python.
- Extensive knowledge of Internet protocols, architectures, and security design principles.
- Experience with AWS security and encryption components, such as IAM Policy, Cloud HSM, KMS, Guardduty, Cloudtrail, SSO, etc. (or equivalent)
- Hands-on experience with third-party security solutions.
- Previous experience on a security operations team, with experience coordinating responses to security incidents and understanding of security best practices relating to cloud environments.
- Good understanding of security projects to address risks, including patching, secure build, vulnerability scanning and remediation, logging and monitoring, threat management and user awareness.
- Ability to gather and maintain evidence for security and compliance.
- Self-drive to keep moving things forward.
- One or more security-related certifications, such as CISSP, CEH, CISA, CISM, SECURITY+ or similar.
- Experience triaging security alerts and executing incident response.
- Experience with Git and CI/CD processes and tools, such as Jenkins, Teamcity, TravisCI, and CircleCI.
- Strong sense of ownership, urgency, and drive.
- Experience in compliance requirements (e.g., SOC2, ISO27001, HIPPA, PCI, etc.).