Job Description

This job is with Monday.com, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ+ business community. Please do not contact the recruiter directly.

We are seeking a Marketplace Security Engineer to ensure the security posture, compliance, and assessment process of all apps within monday.com's marketplace. This role will be pivotal in safeguarding our customers, empowering developers, and aligning our marketplace with industry-leading security standards.

About The Role

Marketplace Security Framework

  • Own and maintain a robust program that ensures the security framework of all apps in the marketplace.
  • Work with Marketplace teams (Product and R&D) to incorporate security checks as part of app submission and the ongoing lifecycle (ideally - develop new capabilities and scans that would be embedded from the product side).
  • Define, implement, and continuously enhance security requirements for marketplace app badges and security levels for apps.
  • Ensure the app security posture checks correspond with relevant controls from known security frameworks (ISO27001, HIPAA, NIST 800-53, etc) to provide customer

Security Championship & Operations

  • Collaborate and work closely with monday.com's Application Security team to establish and maintain alignment between app security processes and monday.com's security standards and best practices.
  • Define, implement, and continuously enhance security and compliance requirements for marketplace apps, including prerequisites for badges such as "Hosted on monday" and "Shield badge".
  • Oversee external validation mechanisms such as vulnerability scans, penetration tests, and security audits of marketplace apps.
  • Validate developer-submitted security and compliance questionnaires, ensuring proper evidence and truthfulness.
  • Maintain up-to-date security and compliance records for all apps in the marketplace.
  • Continuously monitor marketplace apps and lead incident response for marketplace apps in the event of security breaches or vulnerabilities.

Developer Community Security Enablement

  • Define clear guidelines on security gates and requirements for secure app development.
  • Create and deliver training for the developer community (i.e. non-employee monday.com app developers) on such guidelines, including webinars and developer-facing documentation.
  • Engage with the developer community in case of feedback, disputes and overall inquiries.
  • React to emerging threats and vulnerabilities, providing guidance to developers on mitigation strategies.

Collaboration and Stakeholder Engagement

  • Partner with marketplace product managers to gather customer feedback and perform competitive analysis, ensuring the marketplace security framework meets industry and customer standards.
  • Act as a focal point for security within the marketplace, representing monday.com in external forums or discussions on app security.
  • Engage with industry marketplace security teams to collaborate and exchange ideas.

Requirements

  • 3-4 years of experience as a security engineer or in security development (as part of the product)
  • Strong knowledge of security frameworks and secure development practices.
  • Knowledge of the web application stack - JavaScript, APIs (REST/GraphQL), OAuth, HTML5 - and the main web app attack vectors - XSS, SQL/prompt injections, etc.
  • Hands-on experience with vulnerability scanning tools, security testing, and incident response processes
  • Familiarity with GRC principles, including risk assessments, compliance reviews, and policy management.
  • Familiarity with bug bounty programs and other community-driven security initiatives.
  • Advantage: experience in security research, including setting up labs for forensics and malware analysis
  • Advantage: background in providing PoCs as a base for product features
  • Strong interpersonal skills with a focus on education and collaboration
  • Excellent communication skills
  • Ability to train developers and collaborate with cross-functional teams.
  • A proactive and detail-oriented approach to problem-solving and risk management.
  • Self-starter with the ability to move things from 0 to 1
  • Advantage: Familia
