Product Security Engineer

Role & responsibilities

• Conduct application security assessments, threat modeling,

and code reviews for products and services.

• Perform static (SAST), dynamic (DAST), and software

composition (SCA) analysis using modern tools.

• Collaborate with development teams to embed security

controls in CI/CD pipelines.

• Review and enhance security architecture for web, mobile, and

API-based applications.

• Work with DevOps teams to strengthen cloud security posture

(AWS/GCP/Azure).

• Investigate and respond to product security incidents and

vulnerability reports.

• Support bug bounty triage and coordinate fixes with

engineering teams.

• Document and enforce secure coding practices and security

guidelines.

• Participate in design and architecture reviews to ensure

security-by-design principles.

Preferred candidate profile

• 3 to 5 years of experience in Application Security or Product

Security roles.

• Strong knowledge of OWASP Top 10 Web, Mobile, API Security

Top 10, and secure development practices.

• Experience in Infrastructure security ( External and Internal)
• Hands-on experience with tools like Burp Suite, ZAP, Check

Marx, SonarQube, Veracode, GitLab Security, etc.

• Familiarity with CI/CD pipelines (GitHub Actions, GitLab CI,

Jenkins) and integrating security scans.

• Knowledge of cloud security (AWS, Azure, GCP) and exposure

to IAM, KMS, and network controls.

• Scripting knowledge (Python, Bash, or PowerShell) for

automating security tasks.

• Understanding of container and Kubernetes security concepts.

Good to Have

• Experience with threat modeling (STRIDE, PASTA, etc.).

• Familiarity with infrastructure as code (Terraform,

CloudFormation) security validation.

• Exposure to DevSecOps practices and security orchestration.

• Certifications such as CEH, OSCP, CSSLP, or AWS Security

Specialty are a plus.