Application Security PDP

This page contains the different roles within the App Sec Team path. Choose the relevant role you want to learn about. You can also enter the “Professional Path” (coming soon) to access the relevant skills and resources.

Choose the roles

Junior Application Security Engineer
Application Security Engineer
Application Security Expert
Senior Application Security Expert
IC Path
Application Security Tech Lead
Management Path
Application Security Team Lead

Junior Application Security Engineer

Professional Path
Professional skills

Support security awareness and training efforts.

Behaviors

  • Conduct penetration tests to assess the security of products/platforms
  • Support security architecture reviews, threat modeling and code reviews
  • Participate in the evaluation of security tools and assist with integrating them into the development environment
  • Support the bug bounty program
Independence

Starts by working under supervision, and requires a certain level of guidance from team members / direct manager.

Behaviors

  • Gains ownership & executes projects and/or processes of the domain
Complexity

Be a proactive enabler not a blocker.

Behaviors

  • Understands the pains R&D have with adding security tools and processes, and is also able to explain the benefits
  • Explains clearly the security requirements for features during development
  • Knows to differentiate between levels of security priority
Impact

Able to make a small, but consistent impact on the specific tasks level inside of the team.

Behaviors

  • Follows up on tasks and able to understand their impact
  • In each quarter, able to solve tasks or participate in a big project of the team that has a major effect on the team goals
Collaboration and communication

Support security awareness and training efforts.

Behaviors

  • Communicates and collaborates mainly with colleagues from the security department
Culture and maturity

Relates to our culture and proactively tries to practice it.

Behaviors

  • Learns our culture
  • Can name concrete instances of the culture

Application Security Engineer

Professional Path
Professional skills

End-to-end responsibility for monday’s bug bounty program.

Behaviors

  • Track and manage application vulnerabilities
  • Create unit tests to verify platform security posture
  • Control the platform’s code security
  • Penetration testing & security tests for web, mobile, and desktop applications
  • Lead shift-left process – security design review, code review, and CI/CD processes
  • Participate in production security incidents
  • Participate in the evaluation and operation of security tools and assist in integrating them with the development environment and pipelines
Independence

Starts by working under supervision, and requires a minimal level of guidance from team members / direct manager.

Behaviors

  • Takes ownership & executes projects and/or processes of the domain
Complexity

Be a proactive enabler not a blocker.

Behaviors

  • Brings R&D on board with adding security tools and processes
  • Explains clearly the security requirements for features during development
  • Knows to differentiate between levels of security priority
Impact

Able to consistently make sure their tasks are prioritized based on the team or company goals.

Behaviors

  • Raises flags and consults others in order to maximize business impact
  • In each quarter, able to lead small projects or participate in a big team effort that has a major effect on the company goals
Collaboration and communication

Strong cooperation with development teams on features, vulnerabilities, security tools, and more.

Behaviors

  • Work with hackers in the bug bounty program
  • Build a good relationship with development teams in order to work on features, vulnerabilities, security tools, and more
  • Gets to know the different departments and learns their needs through work
Culture and maturity

Familiar with the culture and is able to communicate it and act according to it.

Behaviors

  • Familiar with the department’s challenges and needs
  • Can contribute to discussions about solutions internally and externally

Application Security Expert

Professional Path
Professional skills

Provide guidance to junior-level security engineers. Responsible for troubleshooting production security issues. Lead production security incidents.

Behaviors

  • Help the organization evolve its application security functions and services
  • Responsible for upholding code reviews across all code platforms
  • Take charge of bug intake and remediation process for the organization
  • Own the secure development of specific R&D domains
  • Provide leadership for remediation of application vulnerability scanning and penetration testing
  • Manage integration with vulnerability check tools such as Static Code Analysis and Dynamic Application Testing tools
  • Discover security exposures and develop mitigation plans
  • Report and help fix the technical debt
  • Provide support to the Application Security Manager on all application security activities
  • Actively participate in security initiatives with minimum supervision
  • Function as a subject matter expert for security solutions within the organization’s platform
Independence

Execute independently – end-to-end ownership of tasks.

Behaviors

  • Initiates improvements to security processes
  • Able to learn and improve
  • Takes full ownership over assigned tasks
Complexity

Be a proactive enabler not a blocker.

Behaviors

  • Security promoter
  • Execution of cross-company projects
  • Develop areas of specialty
  • Pulls team tasks in order to balance the load, while challenging and improving the team guidelines
Impact

Project focal point, leads a project to completion whilst monitoring data to ensure impact is achieved.

Behaviors

  • Understands the reasoning behind the project and is able to initiate pivot moves and find creative solutions to ensure the desired outcome and maximize impact
  • Cooperates with R&D to enhance security with new/updated features
  • In each quarter, able to lead a project or participate in a domain of the group that has a major effect on the company goals
  • Owns team success and failure
Collaboration and communication

Work together with cross Business Unit teams (Engineering, DevOps, Legal & Privacy) on executing standardized security solutions and integrations.

Behaviors

  • Work closely with our R&D teams to provide patches and remediation to security issues
  • Communicate the company security needs internally (for example: employee training) and externally (for example: 3rd party vendors)
Culture and maturity

Familiar with the culture and is able to communicate it and act according to it.

Behaviors

  • Familiar with the domain challenges and needs
  • Can contribute to discussions about solutions internally and externally
  • Able to mentor juniors
  • Data-driven decisions – back your thoughts/assumptions with clear data
  • Challenge your environment
  • Be results-focused – show your continued progress, not the “80% done” symptom

Senior Application Security Expert

Professional Path
Professional skills

End-to-end management and leadership of DevOps processes, working with various Cloud infrastructures, writing complex scripts, etc. Define security best practices for organization tasks. Work together with cross Business Unit teams on executing standardized security solutions and integrations. Partake in inner sourcing initiatives within the organization.

Behaviors

  • Developing CI/CD tools for the R&D teams
  • Participation in the specification/planning stage of feature development, including security aspects monitoring and abuse-cases
  • Participation in the specification/planning stage of security tools including integration with development teams, monitoring and control mechanisms
  • Responsible for upholding code reviews across all code platforms
  • Provide leadership on application vulnerability scanning and penetration testing results and the remediation plan
  • Manage integration with vulnerability check tools such as Static Code Analysis and Dynamic Application Testing tools
  • Provide support to the company and customers on all application security activities
  • Represent the organization in Application Security programs
  • Initiate and execute security projects with minimum supervision
  • Function as a subject matter expert for security solutions within the organization’s platforms
  • Provide guidance to junior-level security engineers
  • Responsible for troubleshooting production security issues
Independence

Full end-to-end ownership of projects and processes, as well as being the focal point for all complex issues in their domain, with the goal of promoting the domain’s/organization’s KPIs.

Behaviors

  • Works fully independently on issues of diverse scope under a general definition of the requirements of the role
  • Innovates ways to improve the processes and the security in monday
Complexity

Has ownership over critical verticals in the security domain, across the organization.

Behaviors

  • Uses experience and data in order to improve/enhance/change current processes in the domain
  • Promotes security efficiently
  • Pulls team tasks in order to balance the load, while challenging and improving the team guidelines
Impact

Full AppSec domain ownership. Leading all the aspects of their domain – execution, planning, quality – for various aspects owned by them and by other team members.

Behaviors

  • In each quarter, able to lead the domain or participate in company activities that have a major effect on the company goals
  • Owns domain success and failure
Collaboration and communication

Lead the communication regarding cross-domain projects and processes.

Behaviors

  • Define the domain needs and communicate them within the domain and with others (internal and external).
Culture and maturity

Well established in the company culture and values, and able to identify misalignments and realign them.

Behaviors

  • Protective of company culture
  • Identify problems in the domain, and proactively offer and promote solutions to improve company practices and processes
  • Able to mentor several team members
  • Data-driven decisions – back your thoughts/assumptions with clear data
  • Challenge your environment
  • Be results-focused – show your continued progress, not the “80% done” symptom

Application Security Tech Lead

Professional Path
Professional skills

Impacts other domains on a day-to-day basis, a go-to person in various areas in the organization, drives cross-company efforts.

Behaviors

  • Functions as a seed for new efforts that require laying deep tech foundations, a unique design and/or massive amount of work
  • Triggers and drives our tech evolution steps before things break, in a way that improves our product security and enhances the engineers’ day to day
  • Helps others find creative solutions to technical problems in a way that maximizes their impact
  • Highly productive, manages to deliver significant progress, consistently
  • Solves problems that most others can’t, ones that were assumed “impossible to crack” – makes things happen
  • Has a great halo effect that translates to people growth, drives deep technical understanding, standards improvements and better focus on the most impactful points in every team/project they are part of
Independence

Holds the complexity of either multiple domains with a common area, or a domain with deep or very high complexity. Enabler of key projects, champion of secure architecture and security processes.

Behaviors

  • Leads a technical design of large and complex efforts
  • Breaks efforts down into concerns and areas of volatility, provides high-level solutions, and either hands them off to the team or takes them to the end
  • Tackles the most complex challenges in the building of a project or production incidents
  • Leads the research in new efforts within the security domain
  • Reduces complexity, makes complex and difficult tasks achievable and down to earth
  • Innovation is a value – it’s a sign of seniority
Complexity

Integral part in defining the group’s technological vision and the company solutions’ architecture.

Behaviors

  • Detects technical opportunities and gaps at the group level, and leads handling them
  • Holds deep technical specialization at an industry level
  • Provides technical guidance in specific areas
  • Ramps up on new technology fast and independently
  • Able to independently perform deep massive changes with speed while maintaining high quality
Impact

Consistent unique impact through application security.

Behaviors

  • Uses tech superpowers to drive efforts that have a significant impact on the security resilience, R&D and the company, consistently.
Collaboration and communication

Stakeholders management – can effectively communicate and set expectations with multiple stakeholders across the organization over a predefined goal.

Behaviors

  • Brings tensions to the surface, helps to resolve conflicts and produces a positive outcome
  • Leads the live security community in the organization
Culture and maturity

Drives the monday culture within their group through their day-to-day actions and behaviors. Is a role model to others.

Behaviors

  • Drives strong enthusiasm and a ‘can do’ attitude to achieving results for employees – creating a winner state of mind
  • Promotes monday’s culture in their day to day actions and decisions, sets an example in their actions that promotes our core values and principles
  • Recognize and put emphasis on actions that drive our culture
  • A builder, sets standards by example and action. Takes mundane and everyday tasks and manages to make “gold out of them” in a way that affects others’ perception
  • Respects differences and similarities; takes the time to understand the viewpoints of others
  • Data-driven decisions – back your thoughts/assumptions with clear data
  • Challenge your environment
  • Be results-focused – show your continued progress, not the “80% done” symptom

Application Security Team Lead

Professional Path
Professional skills

Partner with the team for prioritization, planning, tracking, and progress reporting. Grow the team by hiring members with a balanced set of expertise and skills. Monitor security issues in the organization.

Behaviors

  • Build, maintain, and enhance AppSec tooling and integrations
  • Support the R&D teams through the SSDLC processes (design review, code review, dynamic analysis, bug bounty promotions, etc) and act as a security mentor for our R&D
  • Identify, evaluate, and implement the best solutions for security findings in a production environment (secure development lifecycle)
  • Identify application security risks and requirements for new projects and system developments
  • Work closely with our product team to build monday.com’s enterprise-ready features
  • Evaluate architecture, design, and code to ensure they are free from potential vulnerabilities and security risks
  • Lead and operate incident response operations as they arise
  • Hands on – lead by example
Independence

Works independently on issues of diverse scope under a general definition of the requirements of the role. Full E2E ownership of projects and processes, as well as being the focal point for all complex issues in their domain, with the goal of defining the domain’s/organization’s KPIs.

Behaviors

  • Track progress
  • Fix what’s broken – suggest improvements, create a definition of done & execute
  • Controls the domain’s material in detail, has the right knowledge and ability to drive delivery of high-quality results by their team
  • Understands all aspects of the domain and manages to set a standard in every aspect – tech, business, product, craftsmanship
  • Manages to fill any gaps at the team level (including other functions, like privacy, design, or analyst) to keep the domain working effectively
  • Go-to person in every aspect, able to provide guidance and insights in every area under the domain
Complexity

Holds the entire team complexity from end-to-end. Can provide solutions and guidance on all aspects within the domain. Typically leads an entire domain within a group, typically up to 6 engineers.

Behaviors

  • Guides the full forms implementation, manages to provide insights about the technical design and ways to ensure quality
  • Can explain the motivations behind the design of notifications aggregation
  • Conducts a sync meeting
  • Can plan a quarter roadmap, accounting for dependencies and pitfalls, analyze risks and complexities and build a setup for the execution
Impact

n/a

Collaboration and communication

Keep all team members aligned with others’ work by creating a sharing environment. Establish trust & honesty in personal communication channels.

Behaviors

  • Creates a safe place to talk – any idea or comment can be heard
  • Communicates clearly the intent behind their actions
  • Listens more than talks
  • Leads conversations by asking questions and creates discussions between all team members
Culture and maturity

Promotes monday’s culture in their day to day actions and decisions, sets an example in their actions that promotes our core values and principles.

Behaviors

  • Drives strong enthusiasm and a ‘can do’ attitude to achieving results for employees – creating a winner state of mind
  • Recognize and put emphasis on actions that drive our culture
  • A builder first, sets standards by example
  • Creates a winning atmosphere – is perceived as an excellent winner and encourages others to rise to their level
  • Respects differences and similarities; takes the time to understand the viewpoints of others
  • Brings tensions to the surface, helps to resolve conflicts and produces a positive outcome
  • Involves impact-driven considerations at the team level
  • Data-driven decisions – back your thoughts/assumptions with clear data
  • Challenge your environment
  • Be results-focused – show your continued progress, not the “80% done” symptom