We are monday.com, a global software company transforming how businesses run. Our product suite can adapt to the needs of diverse industries and use cases within one powerful platform, empowering ~245,000 customers worldwide to reimagine how work gets done, drive greater efficiency, and scale like never before.
With over 2,500 employees across the globe, we grow by prioritizing transparency and knowledge sharing. We care about the impact you make, not the hours you clock, so we encourage initiative, ownership, and fresh thinking. We back our people with flexible work, wellness and mental health support, and a work environment built on collaboration.
monday.com is looking for an application security researcher to research our platform for vulnerabilities, manage our bug bounty program, and work with R&D to enhance the security of our platform. The Application Security Team is based in our headquarters, Tel Aviv, Israel - you’ll be the first to join the team from London.
monday.com works hybrid with 3 days in the London office.
About The Role
- Perform black, gray, and white box penetration testing on monday.com’s platform - both frontend and backend.
- Manage the bug bounty program, including hacker engagement and communication with the hacker community.
- End-to-end work on reported vulnerabilities as part of the bug bounty program.
- Provide guidance on security best practices to developers.
- Embed/improve security threat modeling and secure coding in the development lifecycle.
- Develop security abuse cases for testing as part of the software development lifecycle.
- Perform and oversee security testing and manage remediation of identified vulnerabilities.
- Monitor and proactively report on current threats and vulnerabilities to application security.
- Initiate and automate processes for detecting and monitoring the platform security.
Requirements
- Scripting capabilities and automation mindset.
- At least 2 years of experience in web penetration-testing, blackbox and whitebox.
- In-depth knowledge of application security vulnerabilities, testing techniques, and the OWASP framework.
- Experience working with the hacker/pen-testing community.
- Team player able to and build relationships across the organization, also remotely.
- Understanding of secure web application development.
- Comprehensive knowledge of IT and information security subject matter.
- Exposure to methods of promoting security awareness.
- Strong communication (verbal/written) and influencing skills, with an ability to manage internal and external relationships.
- Anticipates problems and identifies long-term implications of decisions and actions.
- Ability to work and learn alone.
- Able to prioritize workload and drive work to set deadlines.
#LI-DNI
Social Title
Application Security Researcher
Social Description
None
Our Team
None
Position Type
None
Internal requirements
None
Top Skills
Similar Jobs at monday.com
What you need to know about the Los Angeles Tech Scene
Key Facts About Los Angeles Tech
- Number of Tech Workers: 375,800; 5.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Snap, Netflix, SpaceX, Disney, Google
- Key Industries: Artificial intelligence, adtech, media, software, game development
- Funding Landscape: $11.6 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Strong Ventures, Fifth Wall, Upfront Ventures, Mucker Capital, Kittyhawk Ventures
- Research Centers and Universities: California Institute of Technology, UCLA, University of Southern California, UC Irvine, Pepperdine, California Institute for Immunology and Immunotherapy, Center for Quantum Science and Engineering
