Sr. Product Security Engineer
Location: Bengaluru
Experience: 5+ years
About Pocket FM
Pocket FM, founded in 2018, is India's leading audio storytelling platform, transforming the way millions consume stories. Offering high-quality serialized content across genres such as Romance, Drama, Thriller, Fantasy, Sci-Fi, and Mythology in eight languages, Pocket FM has built a strong global presence with over 200 million listeners worldwide. With users spending an average of 120 minutes daily on the platform, it has emerged as one of the fastest-growing audio platforms, rapidly expanding its reach across the US, Europe, LATAM, and Southeast Asia.
Role Overview
As a key member in product security, you will play a pivotal role in championing security throughout the entire product development lifecycle. You will collaborate with engineering, product management, and other stakeholders to identify and mitigate security risks, ensuring our products are built with security and compliance in mind.
Responsibilities
- Lead and participate in security assessments, threat modeling, and penetration testing activities for new and existing products.
- Define and implement a comprehensive product security strategy, aligning it with business objectives and industry best practices.
- Develop and maintain secure coding practices and security engineering standards for the development team.
- Automate repetitive processes and write internal tools to boost productivity and visibility.
- Foster a culture of security awareness within product teams and educate them on security best practices.
- Collaborate with product managers to integrate security considerations into the product development lifecycle.
- Stay up-to-date on the latest security threats and vulnerabilities and proactively address them.
- Manage and prioritize product security vulnerabilities, working with engineering teams to implement effective remediation plans.
- Develop and maintain security documentation, including threat models, security requirements, and incident response plans.
- Track and report on product security metrics and communicate the security posture of products to stakeholders.
- May participate in security incident response activities and provide guidance on mitigation strategies.
Requirements
- Minimum 5+ years of experience in product security or a related field.
- Proven experience in security assessments, threat modeling, code reviews, and penetration testing methodologies.
- Hands-on experience with the security of content and PII will be an added advantage.
- In-depth understanding of secure coding practices and secure software development life cycle (SDLC) principles.
- Scripting experience in Bash, Python, etc.
- Experience in AWS/GCP infrastructure security will be an added advantage.
- Excellent communication, collaboration, and interpersonal skills with the ability to effectively influence cross-functional teams.
- Strong analytical and problem-solving skills.
- Ability to prioritize tasks and manage multiple projects simultaneously.
- A passion for building secure products and fostering a security-conscious culture.
- Experience with common security tools and frameworks (e.g., OWASP, CWE) is a plus.
- Security certifications (e.g., OSCP) are a plus.
You can get more updates, insights and everything behind the scenes at Pocket FM here - Pocket FM