Product Security Engineer

DevRev is a growing SaaS startup focused on building an AI-driven platform for enhanced team collaboration. They are seeking a hands-on Product Security Engineer to actively test their product for security vulnerabilities and implement security practices within the development process.

Responsibilities:

• Actively test our SaaS product for security vulnerabilities across web apps, APIs, and cloud infrastructure
• Perform manual security testing and targeted penetration tests (beyond automated scanners)
• Implement and help implement automated security test suites
• Identify abuse cases, business logic flaws, and real-world attack paths
• Work directly with engineers to reproduce issues and drive fixes
• Help introduce lightweight security practices into the development process (threat modeling, secure design reviews)
• Validate fixes and ensure issues are fully resolved
• Stay current on new vulnerabilities, attack techniques, and SaaS-relevant threats

Requirements:

• 5+ years of experience in application security, offensive security, or penetration testing
• Strong understanding of web and API security (OWASP Top 10, auth, sessions, access control)
• Experience testing modern SaaS products
• Comfort working in cloud environments (AWS / GCP / Azure at a practical level)
• Experience with common security testing tools (Burp Suite, Nuclei, etc.)
• Ability to communicate findings clearly and pragmatically to engineers
• Self-starter mindset — comfortable operating with limited process and high ownership
• Startup experience or early-stage product exposure
• Bug bounty or responsible disclosure experience
• Secure code review experience (any major language)
• Familiarity with CI/CD and modern SDLC security
• Offensive security certifications (OSCP, GWAPT, etc.)