Product Security Engineer (Application Security)
- Bengaluru
If you received this vacancy from our recruiters — read our Privacy Notice.
Project overview
Team
Position overview
The ideal candidate will be able to balance hands-on security work with strong communication and stakeholder engagement, while operating with a high degree of autonomy.
Technology stack
Responsibilities
- Act as a security advocate for product owners and engineering teams
- Perform web, backend, and mobile security assessments
- Orchestrate and coordinate security testing activities including penetration testing
- Participate in architecture and design discussions to ensure security is embedded from the start
- Conduct threat modelling for new and existing features
- Support and improve secure development practices across engineering teams
- Integrate and enhance security tooling within CI/CD pipelines
- Ensure adherence to Secure Development Lifecycle (SDLC) practices
- Triaging findings from tools, bug bounty programs, and security reports
- Provide guidance on secure coding practices and vulnerability remediation
- Balance security requirements with engineering productivity
- Collaborate with internal teams and external vendors on security initiatives
- Additional responsibilities aligned to project needs:
- Manage and reduce security backlog (e.g., reviews, threat models, pentest coordination)
- Prevent backlog accumulation by efficiently handling incoming security requests
- Correlate findings across multiple security tools and prioritize remediation efforts
- Act as a security point of contact for specific product domains
- Coordinate with external vendors for security testing and assessments
- Provide practical and implementable security recommendations
- Quickly onboard and contribute with minimal ramp-up in a fast-paced environment
Requirements
- Experience in application security or product security roles
- Hands-on experience with offensive security testing (e.g., Burp Suite, Nmap, Kali Linux)
- Strong understanding of web and/or mobile security
- Experience working with cloud-native applications (preferably AWS).
- Solid knowledge of networking and operating systems
- Experience with threat modelling and secure design practices
- Basic programming knowledge (Python, JavaScript, Go, or similar)
- Ability to identify and remediate common vulnerabilities (e.g., SQL injection, XSS)
- Experience advising engineering teams on secure coding practices
- Basic understanding of cloud environments and infrastructure concepts
Nice to have
- Understanding of distributed systems security and service-to-service communication risks
- Familiarity with Kubernetes environments (no deep expertise required)
- Ability to prioritize vulnerabilities and reduce noise from security tools
- Strong stakeholder management and communication skills
- Ability to work independently and take ownership of responsibilities
Looking for Similar Opportunities?

We offer
Vacation
As per the laws of your country. We do ask you to take a proper rest
Health insurance
We help you to take out an insurance policy for you and your loved ones
Sick pay
10 days without a doctor's note, afterwards - as per the laws of your country
Time off for state holidays
According to the official calendar, regardless of the client’s schedule
Pleasant environment
Two large corporate parties and many small get-togethers for colleagues
Comfort service
Solving technical and everyday problems at work
What if I can’t find it?
FAQ for Candidates
Work on global projects, grow your career in a supportive, flexible, and innovative tech environment. We help cover the cost of IT certifications and provide access to top-tier courses and learning platforms. View current openings and take the next step with us.



