
Title: Specialist I, Product Security.
Location: Bangalore
Who can apply - Product development in Product Security
Role Overview
This role is embedded in the product development life cycle and ensures that Secure by Design, Privacy by Design, and threat modeling activities are carried out as part of the Secure Software Development Life Cycle (SSDLC).
Individuals in this role engage with architects, technical leads, and R&D engineering and development teams to ensure security and privacy considerations are addressed early in the product development cycle.
They collaborate with architects to identify appropriate security solutions, balancing security risk and business impact.
The position emphasizes application security and product security risk management, with basic exposure to AI security considerations where AI/ML components are used.
Embed product security and privacy requirements into the design and development of medical devices and healthcare applications.
Perform threat modeling (e.g., STRIDE, OWASP, MAESTRO) and product security risk assessments across all development phases.
Assist business units in defining and implementing product security and privacy practices, including policies, standards, guidelines, and procedures.
Verify that defined security and privacy requirements are implemented correctly and that controls operate as intended.
Conduct security design reviews, code/security assessments, and compliance reviews for applications and product software.
Guide teams in triaging, remediating, and tracking security findings from assessments, audits, and reviews.
Provide product security risk management advice, including vulnerability impact analysis and risk acceptance recommendations.
Review AI/ML-enabled application features for basic AI security and privacy risks, such as model misuse, data leakage, and adversarial threats.
Provide guidance on secure use of AI services, model access control, data protection, and high-level AI risk mitigations.
Collaborate with AI engineering teams to ensure AI components align with product security and regulatory expectations.
5 to 8 years of experience in product security and application security, with responsibility for securing software products or medical applications.
Hands-on experience across architecture, design, development, testing, release, and maintenance phases of secure software development.
Strong experience in application security reviews, secure design assessments, and threat modeling.
Experience supporting security incidents, including root-cause analysis and risk impact evaluation.
Prior experience working with medical devices, healthcare software, or regulated products is strongly preferred.
Strong understanding of secure application architectures, OWASP Top 10, secure APIs, and authentication/authorization concepts.
Experience reviewing and securing applications built using technologies such as Java, Spring, REST/SOAP APIs, and Linux-based environments.
Knowledge of cryptography concepts, including encryption, hashing, PKI, certificates, and secure key management.
Familiarity with penetration testing methodologies, vulnerability assessment techniques, and security testing tools (conceptual or hands-on).
Strong exposure to healthcare and data protection regulations, including:
GDPR, HIPAA, and global privacy laws.
Medical device and quality standards (e.g., 21 CFR 820, ISO/TS 14265, or equivalent).
Experience supporting security audits, compliance assessments, and regulatory reviews.
Bachelor's degree in a technical stream required (BE, ME, MS, MCA).
Degree or concentration in Computer Science, Information Systems, Information Security or similar preferred.
The ideal candidate will have one of the following certifications:
Security - CISSP, CISM, SABSA, CEH
Privacy - CIPP, CIPM, CIPT
How we work together
We believe that we are better together than apart. For our office-based teams, this means working in-person at least 3 days per week.
Onsite roles require full-time presence in the company's facilities.
Field roles are most effectively done outside of the company's main facilities, generally at the customers' or suppliers' locations.
Indicate if this role is an office/field/onsite role.
About Philips
We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.
If you're interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our culture of impact with care.
Job ID: 147474501
Skills:
Product Security, GDPR, HIPAA, Encryption, Application Security, Penetration Testing Methodologies, Java, Spring, REST, OWASP Top 10, Security Testing Tools, Medical Device and Quality Standards, ISO TS 14265, Linux-based Environments, 21 CFR 820, Vulnerability Assessment Techniques, Cryptography Concepts, PKI Certificates, Secure APIs, Healthcare and Data Protection Regulations, SOAP APIs, Secure Key Management, Secure Application Architectures, Hashing