You are opening our Ukrainian language website. You can keep reading or switch to other languages.

Product Security Engineer (Application Security)

  • Бенґалуру
Маленька команда (1–10 колег)

Якщо ви отримали цю вакансію від наших рекрутерів, ознайомтеся з нашою Політикою про конфіденційність.

Project overview

The project focuses on enhancing product security capabilities within a modern, cloud-native environment. The goal is to ensure that security is embedded early in the software development lifecycle, supporting scalable product delivery while maintaining a strong security posture across applications and services.

Team

You will be part of a Product Security function operating within a broader Information Security organization. The team collaborates closely with engineering, product, and platform teams to ensure secure design, development, and deployment of applications. The environment is fast-paced, with multiple parallel initiatives including security assessments, threat modelling, tooling improvements, and vulnerability management.

Position overview

We are looking for a Product Security Engineer (Application Security) who will operate at a senior level and contribute across security engineering, advisory, and stakeholder collaboration areas. The role focuses on securing applications and systems early in the lifecycle, supporting engineering teams with secure design practices, and managing ongoing security activities such as assessments, reviews, and vulnerability remediation.

The ideal candidate will be able to balance hands-on security work with strong communication and stakeholder engagement, while operating with a high degree of autonomy.

Technology stack

SAST, SCA (e.g., Sonatype), DAST, vulnerability scanning tools, AWS security services (e.g., GuardDuty, Inspector), CI/CD pipelines, containerized environments, Kubernetes

Responsibilities

  • Act as a security advocate for product owners and engineering teams
  • Perform web, backend, and mobile security assessments
  • Orchestrate and coordinate security testing activities including penetration testing
  • Participate in architecture and design discussions to ensure security is embedded from the start
  • Conduct threat modelling for new and existing features
  • Support and improve secure development practices across engineering teams
  • Integrate and enhance security tooling within CI/CD pipelines
  • Ensure adherence to Secure Development Lifecycle (SDLC) practices
  • Triaging findings from tools, bug bounty programs, and security reports
  • Provide guidance on secure coding practices and vulnerability remediation
  • Balance security requirements with engineering productivity
  • Collaborate with internal teams and external vendors on security initiatives
  • Additional responsibilities aligned to project needs:
  • Manage and reduce security backlog (e.g., reviews, threat models, pentest coordination)
  • Prevent backlog accumulation by efficiently handling incoming security requests
  • Correlate findings across multiple security tools and prioritize remediation efforts
  • Act as a security point of contact for specific product domains
  • Coordinate with external vendors for security testing and assessments
  • Provide practical and implementable security recommendations
  • Quickly onboard and contribute with minimal ramp-up in a fast-paced environment

Requirements

  • Experience in application security or product security roles
  • Hands-on experience with offensive security testing (e.g., Burp Suite, Nmap, Kali Linux)
  • Strong understanding of web and/or mobile security
  • Experience working with cloud-native applications (preferably AWS).
  • Solid knowledge of networking and operating systems
  • Experience with threat modelling and secure design practices
  • Basic programming knowledge (Python, JavaScript, Go, or similar)
  • Ability to identify and remediate common vulnerabilities (e.g., SQL injection, XSS)
  • Experience advising engineering teams on secure coding practices
  • Basic understanding of cloud environments and infrastructure concepts

Nice to have

  • Understanding of distributed systems security and service-to-service communication risks
  • Familiarity with Kubernetes environments (no deep expertise required)
  • Ability to prioritize vulnerabilities and reduce noise from security tools
  • Strong stakeholder management and communication skills
  • Ability to work independently and take ownership of responsibilities

Шукаєте схожі можливості?

Спробуйте чат-ботів зі штучним інтелектом за допомогою нашого промпту, щоб знайти схожі вакансії, які відповідають Вашим навичкам та інтересам.
Image

We offer

Image

Відпустка

Згідно з законом вашої країни. Ми просимо обов'язково відпочити по-справжньому

Image

Страхування

Допомагаємо оформити страховку вам і вашим близьким

Image

Оплата лікарняних

10 днів без довідок від лікарів, далі — за законом вашої країни

Image

Відпочинок на свята

За офіційним календарем незалежно від клієнта

Image

Приємна обстановка

Два великі корпоративи та багато маленьких свят для колег

Image

Служба комфорту

Розв’язання технічних і побутових проблем на роботі