Product Security Engineer

Job Title: Product Security Engineer

Location: Bangalore, Karnataka

Duration: Long-Term Contract

Company Overview:

• FLUIDECH, an ESCONET group company and a deemed public company, is a technology consulting and managed services firm specialising in cybersecurity.
• Founded in 2014 and headquartered in Gurugramand today with a client base spanning over 100 organisations worldwideFluidech designs IT solutions aligned with business objectives, fostering trusted relationships and delivering measurable performance improvements.
• Established as a born-in-the-cloud company, Fluidech has evolved into a trusted technology partner that helps businesses build (Cloud & Infrastructure), automate (DevOps), and secure (Cyber Security services). Our solutions span diverse industry verticals, aligned with each client's business goals.
• In addition to holding ISO 9001 and ISO 27001 certifications and an award-winning cybersecurity team, the company has a strong value proposition in its GRC services across frameworks, including but not limited to NCIIPC's CAF, SEBI's CSCRF, and others.

Position Overview

• We're expanding our product security function to support fast-moving engineering teams building cloud-native web applications. Our developers ship quickly, experiment often, and work across a variety of stacks. Security's role is to provide guardrailsnot roadblocksso teams can move fast and safely.

• We're looking for strong Product Security Engineers who can partner deeply with engineering and help raise the security bar across our products, platform, and underlying cloud infrastructure.

What You'll Work On:

Product & Application Security

• Perform

  security reviews

  of

  web/mobile apps, microservices, and APIs

  .
• Conduct

  threat modelling (DFDs, architecture reviews, screen flows)

  for new and existing features.
• Work with engineering teams to design and implement secure patterns in a cloud native environment.

Secure SDLC & DevSecOps

• Embed

  security

  into

  CI/CD pipelines (SAST, DAST, SCA, container and IaC scanning).

• Help design, tune, and maintain security tooling (open source, commercial, and in-house).
• Shift left by building reusable guardrails, templates, and developer-friendly checks.

Application & Infrastructure Testing

• Perform

  hands-on vulnerability assessments

  and

  penetration testing

  for

  web/mobile/IoT components

  and

  backend services

  .
• Hunt for vulnerabilities in

  REST/gRPC APIs, authN/authZ flows

  , and

  multi-tenant architectures

  .
• Build scripts/automation to find boring but important bugs at scale.

Cloud & Platform Security

• Review and improve the security of cloud accounts, IAM, network boundaries, and storage.
• Collaborate with infra/platform teams to harden Kubernetes, serverless (lambdas/functions), and other PaaS components.
• Define and validate baseline configurations, policies, and detection guardrails.

Collaboration, Enablement

• Work closely with developers and tech leads to prioritise and remediate issues pragmatically.
• Communicate security concepts clearly to non-security stakeholders.

What Makes Someone a Strong Fit:

Candidates are likely to be successful if they:

• Have

  hands-on product security experience

  with

  modern web application

  stacks deployed on

  AWS, GCP, or Azure

  .
• Have a track record of finding real-world issues in:

• Web/mobile apps

• APIs and backend systems

• Cloud infrastructure and configuration

• Are comfortable discussing

  architecture, data flows, CI/CD pipelines, secure SDLC, IAM, IaC, serverless

  , etc.
• Can write quick scripts/automation (any language) to validate assumptions or scale testing.
• Know how to balance risk with business prioritiesa sense for when to push and when to offer options.
• Propose pragmatic solutions instead of just identifying problems.
• Collaborate effectively with strong engineering teams.
• Are genuinely interested in security, research, and problem-solving.

Nice-to-Have Experience

• Prior experience in high-performing product security teams at modern tech companies.
• Security code review for

  Java, Kotlin, Go, Node.js, Python, React/React Native

  , etc.

• Experience with:

• Kubernetes security
• Secrets management
• Multi-tenant SaaS security
• Privacy/security by design for data-heavy systems

Contributions to open-source security tools, security research, or responsible disclosure programs.