Senior Product Security Engineer

Job Title: Senior Product Security Engineer

Location: Nashik/Pune, India

Job Type: Full-time

Experience Required: 7+ Years

Driven by transformative digital technologies and trends, here at RIB Software we've made it our primary purpose to propel the industry forward and make engineering and construction more efficient and sustainable.

Managing the entire building lifecycle from planning to construction, the development of our powerful portfolio of software solutions is driven by industry expertise, best practice and a passion to remain at the cutting edge of technology. Ultimately, connecting people, processes and data in innovative ways to ensure customers always complete projects within budget, on time and to quality, while reducing their carbon footprint.

RIB Software is a proud member of Schneider Electric.

Job Summary

As a Senior Product Security Engineer, you will play a critical hands-on role in securing multiple RIB Software products by embedding security throughout the Secure Development Lifecycle (SDL). You will work closely with Security Architects, Product Owners, Developers, Quality Engineers, DevOps, Security Operations, and Governance teams to ensure consistent execution of security best practices.

This role requires strong technical expertise in product and application security, with the ability to proactively identify risks, conduct assessments, and drive remediation efforts. You will contribute to strengthening product security posture from design through deployment and end-of-life, while championing a strong culture of security across engineering teams.

Key Responsibilities

• Execute and support Secure Development Lifecycle (SDL) activities across multiple products.
• Perform threat modelling, secure design reviews, and architecture assessments.
• Conduct application security testing using SAST, DAST, and SCA tools.
• Identify, triage, and prioritize vulnerabilities in collaboration with engineering teams.
• Support vulnerability management processes including remediation tracking and risk assessment.
• Assess and manage software supply chain security risks.
• Partner with development teams to integrate security controls into CI/CD pipelines.
• Collaborate with the Vulnerability Assessment and Penetration Testing (VAPT) team to address findings.
• Contribute to compliance initiatives (SOC 2, ISO 27001) and maintain required security evidence.
• Support secure coding practices and provide guidance to developers.
• Stay current with emerging threats, vulnerabilities, and security technologies.
• Participate in customer security discussions and security questionnaires as needed.

Qualifications and Experience

• 7+ years of experience in product security or application security.
• Strong hands-on experience with SDL processes and secure coding practices.
• Experience conducting security testing using SAST, DAST, and SCA tools.
• Experience with vulnerability management and risk assessment.
• Strong understanding of product and/or cloud security architecture.
• Familiarity with one or more of: C#, TypeScript, Java, JavaScript, Dart, C++, Python, and/or Delphi.
• Experience working in cross-functional product teams.
• Strong communication skills for technical and business stakeholders.
• Bachelor's degree in Computer Science, Cybersecurity, or related field, or equivalent experience.

Preferred Qualifications

• CSSLP or similar secure development certification
• Familiarity with cloud security best practices (preferably Azure)
• Experience with enterprise software security frameworks (SOC 2, ISO 27001)
• Background in SaaS or enterprise software environments
• Experience working in organizations with distributed product portfolios

Reports To: Head of Product Security

We offer a competitive salary and benefits package, as well as opportunities for professional growth and development. If you are passionate about building secure software and embedding security into modern engineering practices, we encourage you to apply.