At Gong , we’re building new-generation (machine learning based) software that automates big parts of customer-facing roles by “understanding” their conversations and related work.
Gong is a well-funded, high-growth startup that proudly serves hundreds of customers, including Facebook, Salesforce, AppsFlyer, Sisense, monday.com, PayPal, WalkMe and more.
Our solution guides people: coaches them how to become better, performs tasks for them, and directs them to best actions.
As a DevSecOps, you’ll play a key role in securing, defining, and optimizing our rapidly expanding cloud infrastructure.
You will be part of our DevOps team, which pairs CI/CD cloud infrastructure expertise with a special focus on security-related fields, and your role will include:
· Securing our growing fleet of cloud services
· Providing guidance for security and architecture of new services
· Supporting our monitoring and alerting systems
· Developing threat-detection strategies to identify potential attacks
· Automating all aspects of the deployment of security controls
· Leading and serving as a focal point for security and compliance-related queries and strategies
3+ years of experience in equivalent information security.
Ability to identify common security risks in the cloud and formulate and execute security strategies.
Experience configuring and securing web applications, cryptography, including WAF and DDoS mitigation strategies.
Scripting skills, preferably in Python.
Extensive knowledge of Internet protocols, architectures, and security design principles.
Experience with AWS security and encryption components, such as IAM Policy, Cloud HSM, KMS, Guardduty, Cloudtrail, SSO, etc. (or equivalent)
Hands-on experience with third-party security solutions.
Previous experience on a security operations team, with experience coordinating responses to security incidents and understanding of security best practices relating to cloud environments.
Good understanding of security projects to address risks, including patching, secure build, vulnerability scanning and remediation, logging and monitoring, threat management and user awareness.
Ability to gather and maintain evidence for security and compliance.
Self-drive to keep moving things forward.
One or more security-related certifications, such as CISSP, CEH, CISA, CISM, SECURITY+ or similar.
Experience triaging security alerts and executing incident response.
Experience with Git and CI/CD processes and tools, such as Jenkins, Teamcity, TravisCI, and CircleCI.
Strong sense of ownership, urgency, and drive.
Experience in compliance requirements (e.g., SOC2, ISO27001, HIPPA, PCI, etc.).