Product Security Engineer (Application Security)
- Бенґалуру
Якщо ви отримали цю вакансію від наших рекрутерів, ознайомтеся з нашою Політикою про конфіденційність.
Project overview
Team
Position overview
The ideal candidate will be able to balance hands-on security work with strong communication and stakeholder engagement, while operating with a high degree of autonomy.
Technology stack
Responsibilities
- Act as a security advocate for product owners and engineering teams
- Perform web, backend, and mobile security assessments
- Orchestrate and coordinate security testing activities including penetration testing
- Participate in architecture and design discussions to ensure security is embedded from the start
- Conduct threat modelling for new and existing features
- Support and improve secure development practices across engineering teams
- Integrate and enhance security tooling within CI/CD pipelines
- Ensure adherence to Secure Development Lifecycle (SDLC) practices
- Triaging findings from tools, bug bounty programs, and security reports
- Provide guidance on secure coding practices and vulnerability remediation
- Balance security requirements with engineering productivity
- Collaborate with internal teams and external vendors on security initiatives
- Additional responsibilities aligned to project needs:
- Manage and reduce security backlog (e.g., reviews, threat models, pentest coordination)
- Prevent backlog accumulation by efficiently handling incoming security requests
- Correlate findings across multiple security tools and prioritize remediation efforts
- Act as a security point of contact for specific product domains
- Coordinate with external vendors for security testing and assessments
- Provide practical and implementable security recommendations
- Quickly onboard and contribute with minimal ramp-up in a fast-paced environment
Requirements
- Experience in application security or product security roles
- Hands-on experience with offensive security testing (e.g., Burp Suite, Nmap, Kali Linux)
- Strong understanding of web and/or mobile security
- Experience working with cloud-native applications (preferably AWS).
- Solid knowledge of networking and operating systems
- Experience with threat modelling and secure design practices
- Basic programming knowledge (Python, JavaScript, Go, or similar)
- Ability to identify and remediate common vulnerabilities (e.g., SQL injection, XSS)
- Experience advising engineering teams on secure coding practices
- Basic understanding of cloud environments and infrastructure concepts
Nice to have
- Understanding of distributed systems security and service-to-service communication risks
- Familiarity with Kubernetes environments (no deep expertise required)
- Ability to prioritize vulnerabilities and reduce noise from security tools
- Strong stakeholder management and communication skills
- Ability to work independently and take ownership of responsibilities
Шукаєте схожі можливості?

We offer
Відпустка
Згідно з законом вашої країни. Ми просимо обов'язково відпочити по-справжньому
Страхування
Допомагаємо оформити страховку вам і вашим близьким
Оплата лікарняних
10 днів без довідок від лікарів, далі — за законом вашої країни
Відпочинок на свята
За офіційним календарем незалежно від клієнта
Приємна обстановка
Два великі корпоративи та багато маленьких свят для колег
Служба комфорту
Розв’язання технічних і побутових проблем на роботі
