Pluralsight - Product Security Engineer - SAST / DAST

Job Description :

The Product Security Engineers work closely with engineering teams to secure our Pluralsight platform.

They will work on various Secure SDL programs to help identify security Threats and Vulnerabilities on our platform.

Provide recommendations to engineering teams on how to address the Youre Committed To Being :

• You enjoy learning and are open to new ways of doing things.
• You are not afraid to be yourself, experiment, make mistakes and learn from them, ask questions, or voice your concerns.
• When communicating, you are self-aware, insightful, and proactive.
• You are a team member first and individual contributor second.
• You are aware that high-performing teams are only as strong as their weakest link.
• You believe in continuous improvement and request frequent feedback from Youll Do :
• Support and enable engineering teams when performing and maintaining threat models and provide mentorship and guidance to engineers.
• Use knowledge of common risks and vulnerabilities to guide engineering teams in building products.
• Use and maintain security tooling and processes, such as SAST / DAST tools and vulnerability reporting.
• Promote and develop a security aware mind set among teams.
• Record and communicate vulnerability findings and keep records up to date.
• Automated DevSecOps security checkpoints.
• Collaborate with engineers through all phases of the Youll Bring :
• 3+ years of professional experience in product security, working with SaaS application & Cloud security.
• An engineering graduate with computer science or information technology background.
• Strong analytical and problem-solving skills.
• Good understanding of software development concepts and technologies.
• Knowledge of programming languages such as JavaScript, Java, C#, and Python.
• Experience with security tools and technologies such as Web Application Firewall, SAST, and DAST.
• Experience in performing Penetration testing in identifying security vulnerabilities.
• Knowledge on OWASP Top 10 / SANS Top 25 vulnerabilities.
• Experience communicating security threats and application vulnerabilities to technical and non-technical team :
• Any Security Certifications like CEH, OSCP will be a plus.
• Understanding of AI and LLM models is preferred.
• An individual with an aptitude to learn and grow.
• Hybrid Work Model : This role follows a hybrid schedule, with on-site work at our Bangalore office two days per week, as agreed up on with your leader.
• This approach helps us collaborate more effectively, make decisions more quickly, and build a stronger culture, while still providing flexibility.

(ref : hirist.tech)