Application Security Team Lead

About the role

About monday.com At monday.com , we are reshaping the way teams work. Our AI Work Platform empowers organizations to build custom software applications and work management tools tailored to their needs. As a fast-growing, global SaaS company, trust and security are at the core of everything we do. We are seeking a visionary, hands-on leader to ensure our rapidly evolving platform remains secure, resilient, and trusted by millions worldwide. About the Role As our Application Security Team Lead, you will lead a team of talented security engineers, collaborating closely with Product and R&D to embed security across every phase of the software development lifecycle (SDLC). You will own the planning and execution of our global AppSec program, and drive a "secure-by-design" culture to ensure our agile deployment cycles never compromise on security. Key Responsibilities Strategic Leadership & Culture Define and execute a scalable application security roadmap aligned with monday.com ’s rapid growth. Foster a culture of security ownership across R&D via training, champion programs, and hands-on threat modeling. Mentor, scale, and inspire a high-performing team of AppSec engineers; encourage continuous learning and innovation. Technical & Operational Oversight Seamlessly integrate automated security testing (SAST, SCA, Secrets) into CI/CD pipelines. Lead threat modeling sessions and architectural reviews for major platform changes, new features, and infrastructure updates. Manage our bug bounty program, penetration testing, and internal vulnerability disclosures, ensuring timely, risk-based remediation. Collaboration & Compliance Act as a trusted advisor to product managers and engineering leads, balancing risk mitigation with business agility. Partner with Governance, Risk, and Compliance (GRC) to ensure application compliance with international standards (SOC 2, ISO 27001, GDPR, HIPAA). Requirements 8+ years in application security, with at least 3 years managing/scaling AppSec teams in cloud/SaaS environments. Strong background securing cloud-native applications (AWS preferable) and expertise with web application vulnerabilities (e.g., OWASP Top 10, CWE). Proficiency in modern programming languages represented in our stack (e.g., Node.js, Ruby on Rails, React) and experience with Kubernetes, Docker. Track record of implementing and optimizing AppSec tools in DevOps pipelines (GitHub, CI/CD tools). Strong communication skills, able to translate complex security concepts into actionable recommendations for developers and executives. If you are passionate about creating secure, scalable technology and leading with vision and technical depth, we'd love to meet you!