Application Security Engineer

We are monday.com, a global software company transforming how businesses run. Our product suite can adapt to the needs of diverse industries and use cases within one powerful platform, empowering ~245,000 customers worldwide to reimagine how work gets done, drive greater efficiency, and scale like never before.

With over 2,500 employees across the globe, we grow by prioritizing transparency and knowledge sharing. We care about the impact you make, not the hours you clock, so we encourage initiative, ownership, and fresh thinking. We back our people with flexible work, wellness and mental health support, and a work environment built on collaboration.

monday.com is looking for an application security engineer to research our platform for vulnerabilities, manage our bug bounty program, and work with R&D to enhance the security of our platform. The Application Security Team is based in our headquarters, Tel Aviv, Israel - you’ll be the first to join the team from London.

monday.com works hybrid with 3 days in the London office.

• Perform black, gray, and white box penetration testing on monday.com’s platform - both frontend and backend.
• Manage the bug bounty program, including hacker engagement and communication with the hacker community.
• End-to-end work on reported vulnerabilities as part of the bug bounty program.
• Provide guidance on security best practices to developers.
• Embed/improve security threat modeling and secure coding in the development lifecycle.
• Develop security abuse cases for testing as part of the software development lifecycle.
• Perform and oversee security testing and manage remediation of identified vulnerabilities.
• Monitor and proactively report on current threats and vulnerabilities to application security.
• Initiate and automate processes for detecting and monitoring the platform security.

• Scripting capabilities and automation mindset.
• At least 2 years of experience in web penetration-testing, blackbox and whitebox.
• In-depth knowledge of application security vulnerabilities, testing techniques, and the OWASP framework.
• Experience working with the hacker/pen-testing community.
• Team player able to and build relationships across the organization, also remotely.
• Understanding of secure web application development.
• Comprehensive knowledge of IT and information security subject matter.
• Exposure to methods of promoting security awareness.
• Strong communication (verbal/written) and influencing skills, with an ability to manage internal and external relationships.
• Anticipates problems and identifies long-term implications of decisions and actions.
• Ability to work and learn alone.
• Able to prioritize workload and drive work to set deadlines.

#LI-DNI

Application Security Researcher