Product Security Engineer

About the Role

We are looking for a Product Security Engineer with 3–5 years of hands-on experience in identifying, assessing, and mitigating security risks across our products and platforms. The ideal candidate will work closely with engineering, DevOps, and product teams to integrate security throughout the software development lifecycle (SDLC) and ensure the security of our applications and infrastructure.

Key Responsibilities

• Conduct application security assessments, threat modeling, and code reviews for products and services.
• Perform static (SAST), dynamic (DAST), and software composition (SCA) analysis using modern tools.
• Collaborate with development teams to embed security controls in CI/CD pipelines.
• Review and enhance security architecture for web, mobile, and API-based applications.
• Work with DevOps teams to strengthen cloud security posture (AWS/GCP/Azure).
• Investigate and respond to product security incidents and vulnerability reports.
• Support bug bounty triage and coordinate fixes with engineering teams.
• Document and enforce secure coding practices and security guidelines.
• Participate in design and architecture reviews to ensure security-by-design principles.

Required Skills and Experience

• 3–5 years of experience in Application Security or Product Security roles.
• Strong knowledge of OWASP Top 10 Web, Mobile, API Security Top 10, and secure development practices.
• Experience in Infrastructure security ( External and Internal)
• Hands-on experience with tools like Burp Suite, ZAP, Check Marx, SonarQube, Veracode, GitLab Security, etc.
• Familiarity with CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins) and integrating security scans.
• Knowledge of cloud security (AWS, Azure, GCP) and exposure to IAM, KMS, and network controls.
• Scripting knowledge (Python, Bash, or PowerShell) for automating security tasks.
• Understanding of container and Kubernetes security concepts.

Good to Have

• Experience with threat modeling (STRIDE, PASTA, etc.).
• Familiarity with infrastructure as code (Terraform, CloudFormation) security validation.
• Exposure to DevSecOps practices and security orchestration.
• Certifications such as CEH, OSCP, CSSLP, or AWS Security Specialty are a plus.