Senior Product Security Engineer

SE2

7 - 12 years

9 - 14 Lacs

noida

Posted:1 day ago| Platform:

Apply

Skills Required

automation product engineering coding owasp javascript application security open source sdlc python penetration testing

Work Mode

Work from Office

Job Type

Full Time

Job Description

Partner with product engineering teams to embed security in the SDLC through threat modelling, design reviews, and secure architecture guidance.
Perform secure code reviews, static/dynamic analysis, and dependency scanning, ensuring vulnerabilities are identified and remediated early.
Build and maintain security automation and guardrails (CI/CD integrations, pipelines, and developer tools) to scale AppSec across teams.
Lead and evolve the threat modelling program, aligning security requirements with product architecture and risk profiles. Collaborate with engineering teams to remediate vulnerabilities and implement secure coding practices.
Enhance the usage of SAST, DAST, SCA, and container scanning tools, and build custom automation where needed.
Conduct penetration testing of applications and APIs and track findings through remediation.
Contribute to and maintain secure coding standards, playbooks, and training for developers.
Stay ahead of emerging application security threats, libraries, and frameworks, and proactively recommend improvements.
Mentor engineers and contribute to the growth of the Product Security program.

What Youll Need

7+ years of experience in application/product security, software engineering, or related security engineering roles.
Strong background in web application, API, and microservices security.
Solid knowledge of secure coding practices (Java, Python, Go, JavaScript/TypeScript preferred).
Hands-on experience with SAST, DAST, SCA, and container scanning tools (e.g., Semgrep, Checkmarx, Snyk, Burp Suite, OWASP ZAP).
Experience with CI/CD security automation and integrating security into pipelines.
Strong knowledge of OWASP Top 10, CWE, CAPEC, threat modelling, and secure design principles.
Familiarity with identity, authentication, and authorization protocols (OAuth2, OIDC, SAML, JWT).
Experience conducting manual and automated penetration testing of applications and APIs.
Strong written and verbal communication skills, with the ability to influence developers and non-security stakeholders.
A passion for mentoring and building developer-first security culture. Nice to Have (Preferred Qualifications)
Knowledge of cloud-native application security (Kubernetes, serverless, containers).
Certifications such as OSWE, OSCP, GWAPT, CSSLP, or GIAC AppSec certs. Experience with bug bounty programs or contributing to open-source security projects

More Jobs at SE2

Learning Partner

Gurugram

5 - 8 yrs

INR 25 - 30 Lacs

Product Manager - Identity & Access Management

Kolkata, Mumbai, New Delhi, Hyderabad, Pune, Chennai, Bengaluru

5.0 - 8.0 yrs

INR 7 - 10 Lacs

Technical Project Manager, Cybersecurity

Noida

6.0 - 11.0 yrs

INR 8 - 13 Lacs

Product Manager - SoR Team

Pune

4.0 - 9.0 yrs

INR 6 - 11 Lacs

Staff Engineer

Hyderabad

10.0 - 15.0 yrs

INR 20 - 60 Lacs

Mock Interview

Practice Video Interview with JobPe AI

Start JavaScript Interview

Start Your Job Search Today

Browse through a variety of job opportunities tailored to your skills and preferences. Filter by location, experience, salary, and more to find your perfect fit.