Senior DevSecOps Engineer

As a Senior DevSecOps Engineer, you'll tackle complex security challenges—from securing our cloud infrastructure to optimizing security controls—crafting inventive strategies that drive operational efficiency across our expanding systems. You'll work closely with cross-functional teams to shape and implement security practices that ensure the safety and compliance of our business. If you thrive on ownership, collaboration, and pushing security boundaries in a dynamic environment, this role offers an opportunity to make a significant impact.

You will be responsible for:

• Securing and optimizing our cloud services, with a primary focus on AWS, to ensure robust security and compliance.
• Following alignment with industry security best practices for DevOps services and tools.
• Supporting and enhancing our monitoring and alerting systems to detect and respond to threats together with our ProdSec team.
• Developing and implementing threat detection strategies to identify and mitigate potential risks.
• Automating the deployment of security controls to ensure consistent and scalable protection.
• Acting as a focal point for security and compliance-related queries and strategies within the DevSecOps team in our DevOps group, driving smarter security decisions that align with business goals.

You should apply if you have:

• 3+ years of experience in DevOps with a deep understanding of cloud security and best practices.
• Proven ability to identify common security risks and formulate and execute comprehensive security strategies.
• Experience with market-leading security tools and providers, coupled with scripting and development skills, preferably in Python.
• Extensive knowledge of internet protocols, architectures, and security design principles.
• Hands-on experience with AWS security and encryption services such as IAM Policy, KMS, GuardDuty, CloudTrail, and Identity Center (or equivalent).
• Strong understanding of security projects that address risks, including patching, secure build, vulnerability scanning and remediation, logging and monitoring, threat management, and user awareness.
• Proven ability to gather and maintain evidence for security and compliance.
• Self-motivated with the drive to keep moving things forward.

Preferred Qualifications:

• One or more security-related certifications, such as CISSP, CEH, CISA, CISM, Security+, or similar.
• Experience in triaging security alerts and executing incident response.
• Experience with virtualization technologies, particularly in AWS services such as EKS.
• Strong sense of ownership, urgency, and drive.
• Shift-left mindset - i.e. how we’re an enabler rather than a bottleneck 
• Experience with compliance requirements (e.g., SOC2, ISO27001, HIPAA, PCI, etc.).

What makes the DevOps team at Gong unique? 

Here at Gong, we trust and empower our employees with ownership to solve complex problems, make the right decisions, and build the best products that create radical impact. We call this “Own. Solve. Impact.” 

Our DevOps team is dedicated to fostering a culture of collaboration and efficiency to empower our R&D efforts. This mindset permeates everything we do, from developing powerful tools that streamline processes to minimizing communication barriers and optimizing system design and infrastructure architecture. Here, you'll step into a world where versatility is embraced, and everyone is equipped to handle a range of tasks with expertise and agility. Welcome to a dynamic environment where wearing multiple hats is not just encouraged but celebrated.

About us 

Gong transforms revenue organizations by driving business efficiency, revenue growth, and improved decision-making. The Revenue Intelligence Platform uses proprietary artificial intelligence technology to enable teams to capture, understand, and act on all customer interactions in a single, integrated platform. Thousands of companies around the world rely on Gong to support their go-to-market strategies and grow revenue efficiently.

Here at Gong, we encourage our employees to express their personality and identity (whether gender, ethnic, religious, or sexual), and we ensure fairness and equal opportunities. We follow a hybrid working model that combines working from home, on the go, or at the office. This allows us: flexibility, autonomy, positive work relationships, and effective work habits.

If these considerations are important to you when choosing a work place, we'd love to see you with us.

To review Gong's privacy policy, visit www.gong.io/privacy-policy/ for more details.

#LI-RK2