Why This Job is Featured on The SaaS Jobs
Why this Role is Featured on The SaaS Jobs
Product security architecture is increasingly central to SaaS companies that operate multi-tenant, cloud-native platforms and process sensitive customer data. This role stands out in the SaaS ecosystem because it sits at the intersection of platform architecture, identity and access design, and secure delivery practices, with added relevance where AI features are part of the core product surface.
For a long-term SaaS career, this kind of position builds durable leverage across organisations: shaping secure-by-design patterns that can be reused across teams, influencing engineering decisions early, and translating risk into practical architecture choices. The remit touches common SaaS scaling realities such as distributed systems, API-first development, CI/CD automation, and supply chain integrity, all of which transfer well across modern B2B software environments.
The section above is editorial commentary from The SaaS Jobs, provided to help SaaS professionals understand the role in a broader industry context.
Job Description
About Gong
At Gong, we’re transforming customer-facing teams with our AI-powered platform that understands conversations, guides sales professionals, and drives better business outcomes. Security and trust are foundational to everything we build.
As a Product Security Architect, you will shape how security is built, not just review it. You’ll work closely with engineering to influence architecture, guide design decisions, and ensure security is embedded across Gong’s platform from the earliest stages where decisions matter most, not just where they are validated. You’ll take on complex, real-world challenges across cloud-native systems and AI-driven features, where security must evolve alongside scale and speed. This role is not about checklists or gatekeeping, but about applying strong technical judgment, making pragmatic trade-offs, and enabling teams to build secure systems by design. If you’re looking to have a meaningful impact on a real product, collaborate with high-caliber engineering teams, and help define modern product security at scale, you’ll find this role both challenging and rewarding.
What Makes This Role Unique at Gong
- A product where security decisions truly matter - Gong processes and analyzes highly sensitive customer conversations at scale, creating unique challenges around data protection, privacy, and trust.
- AI is core to the product, not a side project - You’ll work in an environment where AI/ML is deeply embedded, addressing real-world security challenges that go beyond traditional application security.
- A platform operating at a meaningful scale - You’ll deal with high-volume data, distributed systems, and production environments where security decisions have immediate and visible impact.
- The opportunity to shape a growing security domain - Product security at Gong is still evolving, giving you the ability to influence direction, introduce new ideas, and build things the right way.
- A culture that values practical, engineering-driven security - Security is approached with a focus on real risk and practical solutions, not just compliance or process.
- High ownership with room to grow - You’ll have the autonomy to take initiative, drive changes, and expand your impact as the company and platform continue to scale.
What You’ll Do
- Shape security architecture where it matters most, partner with engineers early in the design phase to influence system architecture, define secure patterns, and make critical decisions before code is written
- Work hands-on with engineering teams to secure real systems review designs, dive into code and PRs when needed, and build small tools or proofs-of-concept to validate security assumptions
- Lead threat modeling and deep design reviews identify trust boundaries, abuse cases, and high-impact attack paths, and ensure controls hold up in real production environments
- Own security design for authentication, authorization, and APIs, including identity flows (OAuth/OIDC), session management, and multi-tenant access control
- Take ownership of complex security challenges across cloud-native, distributed, and AI-driven systems, where trade-offs are not obvious and solutions require both depth and pragmatism
- Drive secure-by-design practices at scale, build guardrails, reusable patterns, and reference architectures that make secure implementation the default
- Secure AI/ML features in production address risks such as prompt injection, data poisoning, model misuse, and data exposure in collaboration with AI teams
- Strengthen the software supply chain and CI/CD security to improve how dependencies, build pipelines, and artifacts are secured and validated
- Embed security into developer workflows, integrate SAST, DAST, SCA, IaC scanning, and secrets detection in a way that is effective and adopted
- Partner on high-severity vulnerabilities and incidents to drive root cause analysis, remediation, and long-term fixes that improve system resilience
- Raise the security bar across engineering mentor developers, influence design culture, and drive strong ownership of security
What You Bring
- 8+ years of experience in Product Security, Application Security, or Security Architecture
- Strong software engineering foundation with the ability to read code (e.g., Java, Python, JavaScript/TypeScript, React or similar), review PRs, and understand systems end-to-end.
- Deep understanding of application security principles (OWASP Top 10, secure design, common vulnerability classes)
- Experience securing cloud-native SaaS environments (AWS, GCP, and/or Azure), including containers and Kubernetes
- Strong knowledge of authentication and authorization systems, including OAuth2, OIDC, SAML, and secure API design
- Hands-on experience integrating security into CI/CD pipelines and developer workflows (SAST, DAST, SCA, secrets, IaC scanning)
- Experience with threat modeling and risk assessment methodologies
- Ability to analyze vulnerabilities end-to-end from code to architecture to production impact
- Strong communication skills and ability to influence engineering decisions without authority
Additional strengths:
- Ability to work closely with developers and influence engineering decisions
- Strong communication skills with both technical and business stakeholders
- A pragmatic approach balancing security, usability, and speed
Advantages:
- Experience securing AI/ML or LLM-based systems
- Experience with software supply chain security
- Experience in high-scale SaaS environments
