Listen to our podcast, catch insights from our team and get to know the monday.com culture
Over 100,000 organisations in over 200 industries in more than 140 countries trust monday.com to liberate their teams from menial and mundane work, enabling them to plan and run business processes, projects, and everyday work - fast, their way.
With monday.com, teams solve problems faster, instantly adapt, and continually improve. They become more fulfilled as they achieve extraordinary results. They become agents of excellence.
We're looking for Application Security Expert to join our rapidly growing security team. This is an amazing opportunity to join one of Israel's fastest growing startups and make an immediate and real impact on the future of our product. Our engineers aren't just executors of code; they're brilliant end-to-end thinkers who are incredibly independent and self-managed.
The security team, which is part of the R&D team, is a small but brilliant and hard-working team that manages and leads the company’s security aspects across all areas. As a company that stores and processes sensitive data for hundreds of thousands of users around the world, it is our responsibility to ensure that the company’s core assets and our users’ security and privacy are protected under the highest standards and at all costs. We strive to lead the company in all things security, take initiatives and take part in large processes led by other teams that require our expertise through help with planning, actual implementation and monitoring.
- Provide application security services including secure coding techniques and reviews, education & awareness, processes and tools, security testing support and guidance for internal software development projects.
- Provide guidance on security best practice and compliance, and undertake security testing.
- Identify application security risks and requirements for new projects and system developments.
- Sign-off on application security prior to live implementation
- Work with the architecture and development teams to review code for security vulnerabilities and embed/improve security threat modelling and secure coding in the development lifecycle
- Provide technical specialist advice to ensure that security standards are understood and can be complied with.
- Work with 3rd party suppliers to promote secure design and security testing.
- Develop security testing plans and integrate into the software development lifecycle.
- Perform/oversee security testing and manage remediation of identified vulnerabilities.
- Monitor and proactively report on current threats and vulnerabilities to application security.
- Prepare and monitor application security metrics and KPIs.
- Work with a small team of experienced and highly talented infrastructure and security engineers
- At least a 4 year experience in software development.
- In-depth knowledge of application security vulnerabilities, testing techniques, and the OWASP framework.
- In depth understanding of secure web application development.
- Experience of web application and Agile development methodologies.
- Comprehensive knowledge of IT and information security subject matter.
- Exposure to methods of promoting security awareness.
- Strong communication (verbal/written) and influencing skills, with an ability to manage internal and external relationships up to senior levels of management.
- Anticipates problems and identifies long-term implications of decisions and actions.
- Ability to work alone and build relationships across the organisation.
- Able to prioritise workload and drive work to set deadlines.
- Security certifications – CISSP, CISA, CISM.
- Technical certifications, e.g. GIAC ethical hacker, GIAC Certified Web Application Defender, GIAC Web Application Penetration Tester
- Experience with cloud applications