Product Security Analyst

Job Title:

Exp: 8+years

Location: Pune

Job Summary:

We are seeking a Product Security Risk & Compliance Analyst Contractor to support the ongoing

development of cybersecurity risk management capabilities within a leading engineering

business unit. This role is ideal for an experienced professional with a strong background in

cyber risk governance, product security, and secure software development lifecycles (S-SDLC)

particularly in IoT and network-connected device environments.

This individual will help drive the maturity of the product security risk register, provide expert

guidance to risk owners, and support compliance and security incident response readiness. This

will be done while ensuring alignment with frameworks and regulatory standards such as MITRE

ATT&CK, EMB3D, CVE/CWE, OWASP IoT/AppSec, NIST 218, and ETSI IoT.

Key Responsibilities:

• Serve as a subject matter expert supporting product-focused cyber risk, compliance, and

governance initiatives for a broad network device product line.

• Collaborate with security, engineering, and product teams to identify, assess, and manage

cybersecurity risks related to IoT and networked devices.

• Support the development and continuous improvement of a Product Security Risk Register,

including documentation of risks, ownership, remediation and mitigation plans,

communication, and closure timelines.

• Lead and document risk assessments, including threat, likelihood, criticality, and impact

modeling, while providing actionable mitigation recommendations.

• Assist in establishing and evolving governance models aligned with internal policies and

external standards/regulations.

• Support security compliance and audit initiatives, including both company-led and market

certification-related efforts.

• Assist in coordinating risk response activities for escalated vulnerabilities or product security

incidents.

• Contribute to the creation and tracking of KPIs, risk metrics, and dashboards, and support

communication of risk posture to leadership.

• Interface with ServiceNow GRC modules across business units for structured risk tracking

and reporting.

• Collaborate across product, engineering, security, and compliance teams to enhance

security posture throughout the product lifecycle.

Required Qualifications:

• 3+ years in a cybersecurity risk analyst or governance role.
• 8+ years of direct experience in a cybersecurity role.
• Strong understanding of IoT and networked device security threats, vulnerabilities, controls,

and mitigations.

• Hands-on experience with risk management programs, product security assessments, and

compliance frameworks.

• Working knowledge of CVE and CWE scoring systems and cyber risk scoring methodologies.
• Familiarity with MITRE ATT&CK, EMB3D, and threat modeling.
• Solid understanding of secure SDLC practices and integrating security controls into product

development.

• Excellent communication skills with the ability to translate complex cyber risks into

actionable business insights.

• Familiarity with Slack/Teams, Jira, and Confluence.