Product Security Officer

Position Overview:

We are seeking a highly skilled Product Security Officer who will champion security throughout the product lifecycle. This role is responsible for safeguarding our platforms, applications, and data while guiding teams to adopt secure engineering practices. The ideal candidate combines strong technical security expertise(3-5 years of experience) with strategic influence, ensuring our products deliver exceptional value without compromising protection or trust.

About the Role

The Product Security Officer functions as both architect and guardian, embedding security-by-design principles within product development. You work closely with Product Management, Engineering, QA, Architecture, and Compliance teams to ensure every feature meets rigorous security standards. Beyond analysis, you bring proactive innovation, anticipating risks before they surface and shaping policy that elevates security maturity across the organization.

Key Responsibilities

• Establish and maintain product security strategies, governance, and standards aligned to regulatory and business objectives
• Lead threat modeling, secure design validation, vulnerability assessments, and code security reviews
• Partner with cross-functional teams to ensure secure SDLC practices, from ideation through deployment
• Evaluate and integrate emerging security technologies and methodologies to counter evolving threats
• Support incident response planning and security readiness, including processes for monitoring and remediation
• Provide security guidance during vendor selection, integration, and third-party risk assessments
• Conduct training and awareness programs to upskill teams on secure engineering principles
• Drive continuous improvement in product security through automation, metrics, and benchmarking

Skills & Qualifications

• Proven experience in product or application security roles within enterprise or SaaS environments
• Strong knowledge of security frameworks and standards (e.g. OWASP, NIST, ISO 27001)
• Hands-on expertise with vulnerability scanning tools, SAST/DAST, penetration testing, and secure coding practices
• Understanding of cloud architecture, identity access management, and data protection regulations
• Ability to translate complex security topics into actionable guidance for technical and non-technical stakeholders
• Certifications such as CISSP, CSSLP, CEH, or cloud security certifications are an advantage
• Strong analytical mindset and proactive approach to risk mitigation
• Experience working in Agile and DevSecOps delivery models preferred