Gong
Sr. Offensive Security Engineer
Join to apply for the
Sr. Offensive Security Engineer
role at
Gong
Gong empowers everyone in revenue teams to improve productivity, increase predictability, and drive revenue growth by deeply understanding customers and business trends. The Gong Revenue AI Platform captures and contextualizes customer interactions, surfaces insights and predictions, and powers actions and workflows that are essential for business success. More than 4,500 companies around the world rely on Gong to unlock their revenue potential.
We are seeking an experienced Offensive Security Engineer to help expand our red team. If you're excited to join a fast‑growing team and have a direct impact on a platform used by some of the biggest names in tech, we want to meet you!
In this position, you will support the efforts to ensure that the ML/AI‑based features our customers love stay secure, fostering new innovation with our research team to dream even bigger. Gong is uniquely positioned to gain value from true ML/AI capabilities to drastically improve our value to customers, creating a real differentiated advantage over the competition. We don’t mix the AI/ML powder and hope for the best; we do it for real.
Responsibilities
Be a part of Red Team operations and development within Ethical Hacking Methodologies from kickoff to remediation
Conduct Red Team assessments against cloud environments and enterprise threat landscape to identify vulnerabilities in software, systems, networks, and logic
Research and verify known attacks, exploits, and security weaknesses using researched and/or developed custom tools
Develop accurate comprehensive reports and presentations for both technical and executive audiences that assist all other security team colleagues
Lead and drive Red Team internal development of scripts, tools, or methodologies to enhance Gong’s red teaming, offensive security operations and development
Work with IT, R&D engineering, and DevOps teams to ensure a comprehensive secure software development life cycle program
Occasionally assist with purple team exercises, penetration tests and security assessments from kickoff to remediation, mentoring less experienced staff
Assist with threat models with developers and architecture teams
Build out the function and manage a team of other offensive security engineers
Assist with Gong’s Bug Bounty program
Understand what features the team should prioritize from a product security perspective
Effectively communicate findings to stakeholders, including technical staff, executive leadership and legal counsel
Qualifications
5+ years of offensive security experience
Threat modeling in a cloud environment
In‑depth knowledge of Secure SDLC
AWS experience – a must
Familiarity with attack frameworks and mitigation
Experience with DAST and SAST
Experience with application security testing tools such as Burp Suite, Corellium, or MobSF
Experience with MITRE ATT&CK Framework, TTP development and execution
Experience with common C2 frameworks such as Sliver, Mythic, or Cobalt Strike
Understanding and identification of the OWASP Top 10 vulnerabilities
Security certifications such as GIAC’s GPEN, GXPN or Offensive Security certifications such as OSCP, OSCE, OSWE or OSWA
Perks & Benefits
Medical, dental, and vision plans designed to fit you and your family’s needs
Wellbeing Fund – flexible wellness stipend to support a healthy lifestyle
Mental Health benefits with covered therapy and coaching
401(k) program to help you invest in your future
Education & learning stipend for personal growth and development
Flexible vacation time to promote a healthy work‑life blend
Paid parental leave to support you and your family
Company‑wide recharge days each quarter
Work from home stipend to help you succeed in a remote environment
The annual salary hiring range for this position is $122,400 - $180,000 USD.
Compensation is based on factors unique to each candidate, including, but not limited to, job‑related skills, qualification, education, experience, and location. At Gong, we have a location‑based compensation structure, which means there may be a different range for candidates in other locations. The total compensation package for this position, in addition to base compensation, may include incentive compensation, bonus, equity, and benefits. Some of our sales compensation programs also offer the potential to achieve above‑targeted earnings for those who exceed their sales targets.
We are always looking for outstanding Gongsters! So if this sounds like something that interests you regardless of compensation, please reach out. We may have more roles for you to consider and would love to connect.
We have noticed a rise in recruiting impersonations across the industry, where scammers attempt to access candidates’ personal and financial information through fake interviews and offers. All Gong recruiting email communications will always come from the @gong.io domain. Any outreach claiming to be from Gong via other sources should be ignored.
Gong is an equal‑opportunity employer. We believe that diversity is integral to our success, and do not discriminate based on race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, military status, genetic information, or any other basis protected by applicable law.
To review Gong’s privacy policy, visit https://www.gong.io/gong-io-job-candidates-privacy-notice/ for more details.
#J-18808-Ljbffr
Sr. Offensive Security Engineer
role at
Gong
Gong empowers everyone in revenue teams to improve productivity, increase predictability, and drive revenue growth by deeply understanding customers and business trends. The Gong Revenue AI Platform captures and contextualizes customer interactions, surfaces insights and predictions, and powers actions and workflows that are essential for business success. More than 4,500 companies around the world rely on Gong to unlock their revenue potential.
We are seeking an experienced Offensive Security Engineer to help expand our red team. If you're excited to join a fast‑growing team and have a direct impact on a platform used by some of the biggest names in tech, we want to meet you!
In this position, you will support the efforts to ensure that the ML/AI‑based features our customers love stay secure, fostering new innovation with our research team to dream even bigger. Gong is uniquely positioned to gain value from true ML/AI capabilities to drastically improve our value to customers, creating a real differentiated advantage over the competition. We don’t mix the AI/ML powder and hope for the best; we do it for real.
Responsibilities
Be a part of Red Team operations and development within Ethical Hacking Methodologies from kickoff to remediation
Conduct Red Team assessments against cloud environments and enterprise threat landscape to identify vulnerabilities in software, systems, networks, and logic
Research and verify known attacks, exploits, and security weaknesses using researched and/or developed custom tools
Develop accurate comprehensive reports and presentations for both technical and executive audiences that assist all other security team colleagues
Lead and drive Red Team internal development of scripts, tools, or methodologies to enhance Gong’s red teaming, offensive security operations and development
Work with IT, R&D engineering, and DevOps teams to ensure a comprehensive secure software development life cycle program
Occasionally assist with purple team exercises, penetration tests and security assessments from kickoff to remediation, mentoring less experienced staff
Assist with threat models with developers and architecture teams
Build out the function and manage a team of other offensive security engineers
Assist with Gong’s Bug Bounty program
Understand what features the team should prioritize from a product security perspective
Effectively communicate findings to stakeholders, including technical staff, executive leadership and legal counsel
Qualifications
5+ years of offensive security experience
Threat modeling in a cloud environment
In‑depth knowledge of Secure SDLC
AWS experience – a must
Familiarity with attack frameworks and mitigation
Experience with DAST and SAST
Experience with application security testing tools such as Burp Suite, Corellium, or MobSF
Experience with MITRE ATT&CK Framework, TTP development and execution
Experience with common C2 frameworks such as Sliver, Mythic, or Cobalt Strike
Understanding and identification of the OWASP Top 10 vulnerabilities
Security certifications such as GIAC’s GPEN, GXPN or Offensive Security certifications such as OSCP, OSCE, OSWE or OSWA
Perks & Benefits
Medical, dental, and vision plans designed to fit you and your family’s needs
Wellbeing Fund – flexible wellness stipend to support a healthy lifestyle
Mental Health benefits with covered therapy and coaching
401(k) program to help you invest in your future
Education & learning stipend for personal growth and development
Flexible vacation time to promote a healthy work‑life blend
Paid parental leave to support you and your family
Company‑wide recharge days each quarter
Work from home stipend to help you succeed in a remote environment
The annual salary hiring range for this position is $122,400 - $180,000 USD.
Compensation is based on factors unique to each candidate, including, but not limited to, job‑related skills, qualification, education, experience, and location. At Gong, we have a location‑based compensation structure, which means there may be a different range for candidates in other locations. The total compensation package for this position, in addition to base compensation, may include incentive compensation, bonus, equity, and benefits. Some of our sales compensation programs also offer the potential to achieve above‑targeted earnings for those who exceed their sales targets.
We are always looking for outstanding Gongsters! So if this sounds like something that interests you regardless of compensation, please reach out. We may have more roles for you to consider and would love to connect.
We have noticed a rise in recruiting impersonations across the industry, where scammers attempt to access candidates’ personal and financial information through fake interviews and offers. All Gong recruiting email communications will always come from the @gong.io domain. Any outreach claiming to be from Gong via other sources should be ignored.
Gong is an equal‑opportunity employer. We believe that diversity is integral to our success, and do not discriminate based on race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, military status, genetic information, or any other basis protected by applicable law.
To review Gong’s privacy policy, visit https://www.gong.io/gong-io-job-candidates-privacy-notice/ for more details.
#J-18808-Ljbffr