Senior Cloud Security Engineer

We are monday.com, a global software company transforming how businesses run. Our product suite can adapt to the needs of diverse industries and use cases within one powerful platform, empowering ~245,000 customers worldwide to reimagine how work gets done, drive greater efficiency, and scale like never before.

With over 2,500 employees across the globe, we grow by prioritizing transparency and knowledge sharing. We care about the impact you make, not the hours you clock, so we encourage initiative, ownership, and fresh thinking. We back our people with flexible work, wellness and mental health support, and a work environment built on collaboration.

We are seeking a high-performer and highly motivated individual to join our cloud infrastructure security team within the Security Group. 

This role is crucial in implementing and enhancing our cloud security initiatives, ensuring the protection, detection, and response to potential vulnerabilities and incidents.

This team collaborates closely with other groups within the security department and various departments across the company, such as the infrastructure team. Additionally, we work closely with best-of-breed vendors to enhance our security posture, ensuring continuous testing, improvement, and integration of cutting-edge solutions into our operations.

The primary objective is to ensure the highest level of security for our cloud infrastructure, including protection, detection, and response to potential vulnerabilities and incidents. Areas such as anomaly detection and system hardening for our production environment and other critical business units are a core part of this position. 

This position is a senior technical role within the Security group.

• Collaborative Security: Partner with R&D, business units, and the DevSecOps team to strengthen security across all layers. Work closely with internal security teams, including DataSec, SOC, Offensive Security, AppSec, and GRC, to ensure a cohesive strategy. Collaborate with external vendors and startups to integrate their expertise and products into our daily operations.
• Security Strategy and Implementation: Lead proactive and reactive security measures to protect our cloud infrastructure, focusing on fortification, defense, and incident response. Emphasize "shift left" practices to integrate security early in the development lifecycle.
• Technology and Identity Management: Oversee a diverse range of security solutions to ensure systems are robust and aligned with best practices. Implement identity and access management solutions and configure cloud environments securely to protect sensitive data and resources.
• Incident Monitoring and Response: Monitor for and respond to incidents in the cloud environment, ensuring rapid detection and resolution to maintain system integrity and security.
• Testing and Readiness: Conduct regular testing and drills to ensure preparedness and continuous improvement in areas such as DDOS protection and incident response.
• Infrastructure and Performance: Perform infrastructure reviews, develop security guidelines, and define KPIs and SLAs to drive security outcomes.

• Experience and Expertise: 5+ years in DevOps, DevSecOps, or Production Engineering, with a focus on attack surface reduction, threat hunting, and detection, preferably in SaaS organizations. 
• Organizational Experience: Experience working in large modern Saas engineering organizations (>250 developers), with a product-focused and engineering mindset.
• Ownership and Initiative: Demonstrated ability to take full ownership of projects, driving them to completion with a strong sense of responsibility and accountability.
• Collaboration and Communication: Positive team player who excels in collaborative environments, working effectively with cross-functional teams and engaging with external vendors to integrate solutions and achieve common goals.
• DevOps Security Mindset: Deep understanding of secure development lifecycles and infrastructure, with experience in building and managing the full application release cycle (CI/CD).
• Technical Proficiency: Strong technical skills with a comprehensive understanding of systems, cloud infrastructure, networking, firewall rules management, and application security. Familiarity with Linux environments, scripting, and programming.
• Security Knowledge: Solid understanding of cybersecurity principles and practices, with experience working with Cloud Detection and Response (CDR) systems to enhance threat detection and response capabilities.
• Problem Solving and Execution: Hands-on ability to resolve complex issues and architectural challenges, with a focus on getting things done efficiently and effectively.
• Adaptability and Focus: Ability to maintain focus while managing multiple tasks, ensuring high-quality outcomes across various projects.
• Vision and Design: Ability to see the bigger picture, conducting system architecture security reviews and secure design, with experience in multi-cloud security and familiarity with OWASP frameworks.
• Education: Bachelor’s degree in Computer Science or a related field - preferred.