Senior Product Security Engineer

About Gong

At Gong, we’re transforming customer-facing teams with our AI-powered platform that understands conversations, guides sales professionals, and drives better business outcomes. Security and trust are foundational to everything we build.

As a Senior Product Security Engineer, you will help shape how security is built, not just how it is tested or reviewed. You’ll work closely with engineering teams to secure real systems in production, influencing how services, APIs, and data flows are implemented from the ground up.

This is a hands-on role, focused on solving real security problems across cloud-native architectures and AI-driven features. You’ll work directly with developers and DevOps, dive into systems when needed, and apply strong technical judgment to ensure security is built into the product, not added later.

What Makes This Role Unique at Gong

• A product where data sensitivity is real, not theoretical
  Gong processes and analyzes customer conversations at scale, creating unique challenges around data protection, privacy, and access control.
• AI is deeply embedded in the product
  Security challenges extend beyond traditional AppSec into data handling, model behavior, and misuse scenarios.
• Security is part of how we build, not a layer on top
  The role operates within engineering workflows, focusing on building secure systems rather than enforcing external controls.
• Meaningful scale and real production impact
  You’ll work on systems that handle large volumes of data and traffic, where security decisions directly affect reliability and trust.
• A culture that values practical, engineering-driven security
  The focus is on solving real problems and enabling teams, not on process-heavy or compliance-driven approaches.
• High ownership with room to grow
  You’ll have the autonomy to take initiative, drive improvements, and expand your impact as the platform evolves.

What You’ll Do

• Secure real product flows end-to-end - Work directly with engineers to identify and fix vulnerabilities across services, APIs, and data paths in production systems
• Drive secure-by-design practices in engineering - provide practical guidance on authentication, authorization, data protection, and service-to-service communication
• Secure cloud-native environments - strengthen identity (IAM), isolation, and access control across Kubernetes, containers, and cloud infrastructure
• Build and scale security in the development lifecycle - integrate and tune security tooling (SAST, SCA, IaC scanning, secrets detection) into CI/CD pipelines to improve signal and developer adoption
• Own vulnerability management as a system - prioritize risks, drive remediation with engineering teams, and eliminate recurring issues through root-cause fixes
• Strengthen software supply chain security