Product Security Engineer
Pune, Maharashtra, India
Full Time
2 hours ago
Visa Sponsorship
Key skills
SDLCAICI/CDCommunicationOWASPPenetration Testing
About this role
Role Overview
- Review and triage vulnerabilities from multiple sources including customer-reported issues, security researchers, automated scanning tools, and penetration testing results
- Assess severity and potential impact, including CVEs and third-party component risks
- Partner with developers to explain findings in clear terms, identify root causes, and drive timely remediation
- Track and validate fixes
- Work closely with engineering teams to integrate security into daily workflows
- Support developers in understanding secure coding practices and common vulnerability patterns
- Participate in security reviews and provide actionable feedback
- Assist in threat modeling to identify potential risks early in the design phase
- Support architecture and design reviews with a security perspective
- Help ensure security is considered as part of feature development
- Contribute to integrating security into the SDLC and evolving AI-driven development processes (often referred to as AIDLC)
- Help implement and improve secure development practices in CI/CD pipelines
- Support adoption of security tools and ensure findings are actionable
- Use AI tools to improve vulnerability triage and analysis, accelerate security reviews and documentation, and identify patterns to reduce manual effort
- Collaborate with engineering teams that are adopting AI-assisted development workflows
- Continuously explore ways to use AI to improve security processes and efficiency
Requirements
- 1-4 years of experience in product security, application security, or a related field
- Basic understanding of common web and application vulnerabilities (e.g., OWASP Top 10)
- Experience or strong interest in vulnerability triage and remediation workflows
- Familiarity with at least one of the following:
- Static or dynamic analysis tools
- Software composition analysis (SCA)
- Container or dependency scanning
- Understanding of software development processes and working with developers
- Strong problem-solving and analytical skills
- Effective written and verbal communication skills
- Experience using AI tools to improve workflows or processes
- Examples may include automating analysis, improving productivity, or enhancing development/security tasks
Tech Stack
- SDLC