Back to jobs

Senior Product Security Architect

Tel Aviv

Gong harnesses the power of AI to transform how revenue teams win. The Gong Revenue AI Operating System unifies data, insights, and workflows into a single, trusted system that observes, guides, and acts alongside the world’s most successful revenue teams. Powered by the Gong Revenue Graph, AI-powered intelligence, specialized agents, and trusted applications, Gong helps more than 5,000 companies around the world deeply understand their teams and customers, automate critical sales workflows, and close more deals with less effort. For more information, visit www.gong.io.

At Gong, you will join a company built on innovative products, ambitious goals, and passionate people. We are shaping the future of revenue intelligence and we want people who are excited to build what comes next. You will work with a team that dreams big, moves fast, and cares deeply about the craft and about each other. Here, transparency and trust are core to how we operate, and every person has the opportunity to make a visible impact. If you want to grow, stretch, and do work that truly matters, Gong is the place to do the best work of your career.

About Gong

At Gong, we’re transforming customer-facing teams with our AI-powered platform that understands conversations, guides sales professionals, and drives better business outcomes. Security and trust are foundational to everything we build.

As a Product Security Architect, you will shape how security is built, not just review it. You’ll work closely with engineering to influence architecture, guide design decisions, and ensure security is embedded across Gong’s platform from the earliest stages where decisions matter most, not just where they are validated. You’ll take on complex, real-world challenges across cloud-native systems and AI-driven features, where security must evolve alongside scale and speed. This role is not about checklists or gatekeeping, but about applying strong technical judgment, making pragmatic trade-offs, and enabling teams to build secure systems by design. If you’re looking to have a meaningful impact on a real product, collaborate with high-caliber engineering teams, and help define modern product security at scale, you’ll find this role both challenging and rewarding.

What Makes This Role Unique at Gong

  • A product where security decisions truly matter - Gong processes and analyzes highly sensitive customer conversations at scale, creating unique challenges around data protection, privacy, and trust.
  • AI is core to the product, not a side project - You’ll work in an environment where AI/ML is deeply embedded, addressing real-world security challenges that go beyond traditional application security.
  • A platform operating at a meaningful scale -  You’ll deal with high-volume data, distributed systems, and production environments where security decisions have immediate and visible impact.
  • The opportunity to shape a growing security domain -  Product security at Gong is still evolving, giving you the ability to influence direction, introduce new ideas, and build things the right way.
  • A culture that values practical, engineering-driven security - Security is approached with a focus on real risk and practical solutions, not just compliance or process.
  • High ownership with room to grow - You’ll have the autonomy to take initiative, drive changes, and expand your impact as the company and platform continue to scale.

 

What You’ll Do

  • Shape security architecture where it matters most, partner with engineers early in the design phase to influence system architecture, define secure patterns, and make critical decisions before code is written
  • Work hands-on with engineering teams to secure real systems  review designs, dive into code and PRs when needed, and build small tools or proofs-of-concept to validate security assumptions
  • Lead threat modeling and deep design reviews  identify trust boundaries, abuse cases, and high-impact attack paths, and ensure controls hold up in real production environments
  • Own security design for authentication, authorization, and APIs, including identity flows (OAuth/OIDC), session management, and multi-tenant access control
  • Take ownership of complex security challenges across cloud-native, distributed, and AI-driven systems, where trade-offs are not obvious and solutions require both depth and pragmatism
  • Drive secure-by-design practices at scale, build guardrails, reusable patterns, and reference architectures that make secure implementation the default
  • Secure AI/ML features in production  address risks such as prompt injection, data poisoning, model misuse, and data exposure in collaboration with AI teams
  • Strengthen the software supply chain and CI/CD security to improve how dependencies, build pipelines, and artifacts are secured and validated
  • Embed security into developer workflows, integrate SAST, DAST, SCA, IaC scanning, and secrets detection in a way that is effective and adopted
  • Partner on high-severity vulnerabilities and incidents to drive root cause analysis, remediation, and long-term fixes that improve system resilience
  • Raise the security bar across engineering  mentor developers, influence design culture, and drive strong ownership of security

What You Bring

  • 8+ years of experience in Product Security, Application Security, or Security Architecture
  • Strong software engineering foundation with the ability to read code (e.g., Java, Python, JavaScript/TypeScript, React or similar), review PRs, and understand systems end-to-end.
  • Deep understanding of application security principles (OWASP Top 10, secure design, common vulnerability classes)
  • Experience securing cloud-native SaaS environments (AWS, GCP, and/or Azure), including containers and Kubernetes
  • Strong knowledge of authentication and authorization systems, including OAuth2, OIDC, SAML, and secure API design
  • Hands-on experience integrating security into CI/CD pipelines and developer workflows (SAST, DAST, SCA, secrets, IaC scanning)
  • Experience with threat modeling and risk assessment methodologies
  • Ability to analyze vulnerabilities end-to-end  from code to architecture to production impact
  • Strong communication skills and ability to influence engineering decisions without authority

Additional strengths:

  • Ability to work closely with developers and influence engineering decisions
  • Strong communication skills with both technical and business stakeholders
  • A pragmatic approach balancing security, usability, and speed

Advantages:

  • Experience securing AI/ML or LLM-based systems
  • Experience with software supply chain security
  • Experience in high-scale SaaS environments

Apply for this job

*

indicates a required field

Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

Select...

Gong will collect and use your personal data (e.g. - name, email, resume info) to evaluate your application for employment. Gong will save your personal data for up to 2 years in order to consider you for other, future potential job opportunities. We are happy to delete your data upon request. 

For a list of personal data categories, how Gong uses your personal data, and rights you have to your personal data, please visit Gong’s Job Candidates Privacy Notice, available at https://www.gong.io/gong-io-job-candidates-privacy-notice/

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Gong.io’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Select...
Select...
Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.