Job Details

Join to apply for the Sr. Offensive Security Engineer role at Gong.

Gong empowers everyone in revenue teams to improve productivity, increase predictability, and drive revenue growth by deeply understanding customers and business trends; driving impactful decisions and actions. The Gong Revenue AI Platform captures and contextualizes customer interactions, surfaces insights and predictions, and powers actions and workflows that are essential for business success. More than 4,500 companies around the world rely on Gong to unlock their revenue potential. For more information, visit www.gong.io.

Responsibilities

• Be a part of Red Team operations and development within Ethical Hacking Methodologies from kickoff to remediation
• Conduct Red Team assessments against cloud environments and enterprise threat landscape to identify vulnerabilities in software, systems, networks, and logic
• Research and verify known attacks, exploits, and security weaknesses using researched and/or developed custom tools
• Develop accurate, comprehensive reports and presentations for both technical and executive audiences that assist all other security team colleagues
• Lead and drive Red Team internal development of scripts, tools, or methodologies to enhance Gong's red teaming, offensive security operations and development
• Work with IT, R&D engineering, and DevOps teams to ensure a comprehensive secure software development life cycle program
• Occasionally assist with purple team exercises, penetration tests and security assessments from kickoff to remediation, mentoring less experienced staff
• Assist with threat models with the developers and architecture teams
• Build out the function and manage a team of other offensive security engineers
• Assist with Gong's Bug Bounty program
• Understand what features the team should prioritize from a product security perspective
• Effectively communicate findings to stakeholders, including technical staff, executive leadership and legal counsel

Qualifications

• 5+ years of offensive security experience
• Threat modeling in a cloud environment
• In-depth knowledge of Secure SDLC
• AWS experience – a must
• Familiarity with attack frameworks and mitigation
• Experience with DAST and SAST
• Experience with application security testing tools such as Burp Suite, Corellium, or MobSF
• Experience with the MITRE ATT&CK Framework, TTP development and execution
• Experience with common C2 frameworks such as Sliver, Mythic, or Cobalt Strike
• Understanding and identification of the OWASP Top 10 vulnerabilities
• Security certifications such as GIAC's GPEN, GXPN or Offensive Security certifications such as OSCP, OSCE, OSWE or OSWA

Perks & Benefits

• Medical, dental, and vision plans designed to fit you and your family's needs
• Wellbeing Fund – flexible wellness stipend to support a healthy lifestyle
• Mental health benefits with covered therapy and coaching
• 401(k) program to help you invest in your future
• Education & learning stipend for personal growth and development
• Flexible vacation time to promote a healthy work-life blend
• Paid parental leave to support you and your family
• Company-wide recharge days each quarter
• Work-from-home stipend to help you succeed in a remote environment

Compensation

The annual salary range for this position is $122,400 – $180,000 USD. Compensation is based on factors unique to each candidate, including, but not limited to, job-related skills, qualifications, education, experience, and location. Additional compensation may include incentive compensation, bonus, equity, and benefits.

EEO Statement

Gong is an equal-opportunity employer. We believe that diversity is integral to our success and do not discriminate based on race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, military status, genetic information, or any other basis protected by applicable law.

Privacy Notice

To review Gong's privacy policy, visit for more details.