Cognitive Collective


Lead Offensive Security Engineer

Gong

IT
San Francisco, CA, USA · Remote
Posted on Saturday, September 30, 2023

As Staff Offensive Security Engineer, you will:

  • Lead the focus of Red Team operations and development within ethical hacking methodologies from kickoff to remediation, mentoring less experienced staff.
  • Conduct Red Team assessments against cloud environments and enterprise threat landscape to identify vulnerabilities in software, systems, networks, and logic.
  • Research and verify known attacks, exploits, and security weaknesses using researched and/or developed custom tools.
  • Develop accurate comprehensive reports and presentations for both technical and executive audiences that assist all other security team colleagues.
  • Lead and drive Red Team internal development of scripts, tools, or methodologies to enhance Gong’s red teaming, offensive security operations, and development.
  • Work with the Engineering & DevOps teams to ensure we have a comprehensive secure software development life cycle program.
  • On occasion, assist with purple team exercises, penetration tests, and security assessments from kickoff to remediation, mentoring less experienced staff.
  • Assist the developers and architecture teams with threat models.
  • Manage Gong’s Bug Bounty program
  • Understand what features the team should prioritize from a product security perspective.
  • Effectively communicate findings to stakeholders, including technical staff, executive leadership and legal counsel.

You should apply if you have:

  • 7+ years of offensive security experience
  • Threat modeling in a cloud environment
  • In-depth knowledge of Secure SDLC
  • AWS Experience - a must
  • Familiarity with attack frameworks and mitigation
  • Experience with DAST and SAST
  • Experience with application security testing tools such as Burp Suite, Corellium, or MobSF.
  • Experience with the MITRE ATT&CK Framework, TTP development and execution.
  • Experience with common C2 frameworks such as Sliver, Mythic, or Cobalt Strike.
  • Understanding and identification of the OWASP Top 10 vulnerabilities
  • Security certifications such as GIAC’s GPEN or GXPN, or Offensive Security certifications such as OSCP, OSCE, OSWE, or OSWA

What makes the Security department at Gong unique?

Here at Gong, we trust and empower our employees with ownership to solve complex problems, make the right decisions and build the best products that create radical impact. We call it “Own. Solve. Impact.”

Our security team is at the forefront of a monumental shift in how we implement processes. Instead of simply saying "no," we embrace the mindset of "let's explore how we can make it work." Our security team brings a wealth of backgrounds, experience, and wisdom to the table. Which means that age comes before security, or is it the other way around?

If you are curious to discover Gong's wonderful and challenging world, what are you waiting for? Don’t delay - fill in your application details. Who knows, maybe there’s a Gongster in you!

About us

Gong unlocks reality to help people and companies reach their full potential. The patented Gong Reality Platform™ empowers companies to take advantage of their most valuable assets – customer interactions, which the Gong platform automatically captures and analyzes. Gong then delivers insights at scale, empowering revenue and go-to-market teams to determine the best actions for winning outcomes.

Gong is an equal-opportunity employer. We believe that diversity is integral to our success, and do not discriminate based on race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, military status, genetic information, or any other basis protected by applicable law.

To review Gong's privacy policy, visit https://www.gong.io/gong-io-job-candidates-privacy-notice/ for more details.
