Product Security Engineer

About the Role

We are seeking an experienced Product Security Engineer to join our team and help build security into every aspect of our product development lifecycle. In this role, you'll work closely with engineering, product, and DevOps teams to identify, assess, and mitigate security risks while enabling rapid and secure product delivery.

Key Responsibilities

Threat Modeling & Risk Assessment

Design and conduct comprehensive threat modeling sessions for new features and system architectures

Identify potential attack vectors and security vulnerabilities early in the development process

Collaborate with product and engineering teams to prioritize security requirements based on risk assessment

Develop and maintain threat models for existing and new products

Security Testing & Validation

Perform security testing of web applications, mobile applications, and APIs

Conduct static and dynamic application security testing

Execute penetration testing and vulnerability assessments

Review code for security vulnerabilities and provide remediation guidance

Validate security controls and defensive measures

DevSecOps Integration

Implement and maintain Static Application Security Testing (SAST) tools in CI / CD pipelines

Deploy and optimize Dynamic Application Security Testing (DAST) solutions

Establish cloud security best practices and tooling for AWS environments

Build security gates and quality checks into development workflows

Collaborate with DevOps teams to secure infrastructure as code

Security Automation & Tooling

Develop automated security testing frameworks and scripts

Build tools and integrations to streamline security processes

Automate vulnerability scanning and reporting workflows

Create self-service security tools for development teams

Implement security orchestration and response automation

Security Analytics & Monitoring

Design and implement security metrics and KPIs for product security

Analyze security testing results and trends to identify systemic issues

Build dashboards and reporting for security posture visibility

Conduct security data analysis to inform strategic decisions

Monitor and respond to security alerts and incidents

Cross-functional Collaboration

Partner with engineering teams to provide security guidance and support

Educate developers on secure coding practices and security requirements

Work with product managers to balance security and business requirements

Collaborate with infrastructure and platform teams on security architecture

Required Qualifications

5+ years of experience in product security, application security, or related cybersecurity roles

Strong background in threat modeling and secure design review .

Extensive experience with web application security testing and mobile application security for iOS and Android platforms

Hands-on experience with DevSecOps practices and security tool integration

Proficiency with SAST, DAST, Cloud Security tools

Experience with security automation and scripting (Python, Bash)

Background in security analytics and data analysis for security insights

Preferred Qualifications

Experience with container security (Docker, Kubernetes)

Knowledge of infrastructure as code security (Terraform, CloudFormation)

Familiarity with security frameworks (NIST, ISO 27001, SOC 2)

Experience with bug bounty programs and responsible disclosure

Experience with compliance requirements (PCI DSS, GDPR)