Principal Product Security Engineer

Haryana, Gurugram International Techpark Gurgaon (ITPG), India


Work Flexibility: Hybrid

What You Will Do
  • Provide technical leadership and guidance to a team of Web, Mobile and API security engineers; execute and oversee penetration testing and vulnerability assessment activities across these domains.

  • Collaborate with DevSecOps to embed security (SAST, DAST, host scanning, ATO scanning, SBOM generation) into every phase of the SDLC. Help develop and optimize SBOM generation, SBOM repositories and SBOM version management, specifically for web and mobile applications.

  • Develop and review technical documentation (procedures, work instructions, guidance documents) for technical services. Develop and maintain comprehensive test plans, methodologies and tooling for ethical hacking engagements.

  • Work closely with the development teams to ensure security of Products. Conduct in-depth analysis of security vulnerabilities and propose mitigation strategies. Collaborate with cross-functional teams to design and implement secure applications.

  • Stay current with the latest security trends, vulnerabilities and exploit techniques in Web, Mobile, API and Cloud security.

  • Identify and implement security tools for SAST, DAST, code fuzzing, protocol fuzzing and centralized, organization-wide vulnerability management, selecting each tool after a thorough evaluation against well-defined acceptance criteria.

  • Apply expertise in programming languages such as C++, Java, JavaScript and Python.

  • Deepen penetration testing capability by ensuring 100% test coverage of the security controls implemented during product development.

What You Need

Required Qualifications:

  • B.Tech/MCA degree in Computers/IT/Electronics stream.

  • 11+ years of experience, with core expertise in defining, implementing and fixing security controls in the domains listed above (Web, Mobile and API security).

  • Strong knowledge of secure coding practices and secure design principles, and proficiency with security testing tools such as Burp Suite, Wireshark, Nessus and Metasploit.

  • Familiarity with relevant standards and frameworks such as OWASP, the NIST Cybersecurity Framework and ISO 27001.

Preferred Qualifications:

  • Solid understanding of software development lifecycles and methodologies. Excellent leadership and communication skills, with the ability to collaborate effectively with cross-functional teams.

  • Prior experience in managing SBOMs and implementing Vulnerability Management programs is a plus.

  • Understanding of cloud-based environments such as Azure and AWS.

  • At least one professional certification with a practical exam, such as ECSA Practical, CPENT, LPT, OSCP, OSWE, OSCE or similar. Experience with threat modeling, risk assessment and security architecture reviews.

Travel Percentage: None


Tags: APIs AWS Azure Burp Suite C Cloud DAST DevSecOps ECSA Ethical hacking Exploit ISO 27001 Java JavaScript Metasploit Nessus NIST OSCE OSCP OSWE OWASP Pentesting Product security Python Risk assessment SAST SBOM SDLC Vulnerabilities Vulnerability management

Region: Asia/Pacific
Country: India
