Application Security Team Lead

At monday.com, we are reshaping the way teams work. Our AI Work Platform is an open platform that democratizes the power of software so organizations can easily build software applications and work management tools tailored to their exact needs. As a fast-growing, global SaaS company, trust and security are at the core of everything we do. We are looking for a visionary, hands-on leader to ensure our rapidly evolving platform remains secure, resilient, and trusted by millions of users worldwide.

As our Application Security Team Lead, you will lead a talented team of security engineers, working hand-in-hand with our Product and R&D organizations to embed security into every phase of the software development lifecycle (SDLC), while owning the planning and execution of our global AppSec program.

This is a high-impact managerial role that balances deep technical expertise with business influence. You will champion a "secure-by-design" culture, ensuring that our fast-paced deployment cycles never compromise on data protection and application resilience.

As our Application Security Team Lead, you will lead a talented team of security engineers, working hand-in-hand with our Product and R&D organizations to embed security into every phase of the software development lifecycle (SDLC), while owning the planning and execution of our global AppSec program.

This is a high-impact managerial role that balances deep technical expertise with business influence. You will champion a "secure-by-design" culture, ensuring that our fast-paced deployment cycles never compromise on data protection and application resilience.

Key Responsibilities

• Strategic Leadership & Culture
• Define the Vision: Craft and execute a comprehensive, scalable application security roadmap aligned with monday.com’s rapid growth and multi-product strategy.
• Cultivate a Security Mindset: Drive a culture of security ownership across R&D through training, champion programs, and collaborative threat modeling.
• Team Growth: Mentor, scale, and lead a high-performing team of AppSec engineers, fostering continuous learning and innovation.
• Technical & Operational Oversight
• Secure SDLC: Integrate automated security testing (SAST,SCA, Secrets) seamlessly into our CI/CD pipelines without slowing down engineering velocity.
• Threat Modeling & Review: Lead threat modeling sessions and architectural reviews for major platform shifts, new features, and infrastructure changes.
• Vulnerability Management: Oversee our bug bounty program, penetration testing engagements, and internal vulnerability disclosures, ensuring smart, risk-based prioritization and remediation.
• Collaboration & Compliance
• R&D Partnership: Act as a trusted advisor to product managers and engineering leads, balancing risk mitigation with business agility.
• Compliance & Trust: Partner with Governance, Risk, and Compliance (GRC) teams to ensure application alignment with international standards (e.g., SOC 2, ISO 27001, GDPR, HIPAA).

• Proven Leadership: 8+ years of experience in dedicated application security roles, with at least 3+ years successfully managing and scaling AppSec teams in a modern cloud/SaaS environment.
• Deep Technical Expertise: Strong background in securing cloud-native applications (AWS preferable) and deep knowledge of web application vulnerabilities (OWASP Top 10, CWE).
• Developer Fluent: Proficiency in modern programming languages used in our stack (e.g., Node.js, Ruby on Rails, React) and experience with containerized environments (Kubernetes, Docker).
• Automation Advocate: Proven track record of implementing and optimizing AppSec tooling directly into DevOps pipelines (GitHub, CI/CD tools).
• Outstanding Communication: Ability to translate complex cryptographic and security concepts into actionable business context for both developers and executive stakeholders.