This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Product Security Engineer in India.
This role is a high-impact, hands-on opportunity to embed security directly into the heart of modern, cloud-native product development. You will work closely with engineering, SRE, and platform teams to ensure security is built into every stage of the software lifecycle, from early design to production deployment. The position focuses on securing large-scale microservices, APIs, and mobile applications in a fast-moving environment. You will own threat modeling, secure architecture reviews, and vulnerability management while also contributing to incident response and post-incident improvements. A key aspect of the role is building and evolving AI-powered security tooling, treating automation and agentic systems as core enablers. This is a builder-oriented environment where security engineering directly shapes product reliability and resilience at scale.
Accountabilities:
- Lead threat modeling and secure design reviews for new products, features, and architectural changes, identifying risks, attack surfaces, and mitigation strategies early in the development lifecycle.
- Perform secure code reviews and vulnerability analysis across microservices, APIs, web, and mobile applications, collaborating with engineers to drive remediation.
- Build and enhance AI-powered and agent-driven security tooling to improve automation, detection, and response capabilities.
- Manage and improve vulnerability management programs, prioritizing risks using industry frameworks and business context, and reducing time-to-remediation.
- Support incident response activities including root cause analysis, blast radius assessment, and post-incident security hardening.
- Collaborate with compliance teams to support audits, ensuring alignment between engineering practices and regulatory requirements.
- Partner closely with engineering teams to integrate security best practices into CI/CD pipelines and development workflows.
Requirements:
- 3–4 years of hands-on experience in product security, application security, or cloud security in production environments.
- Strong expertise in threat modeling using frameworks such as STRIDE or attack trees, with the ability to translate risks into actionable engineering fixes.
- Experience conducting architecture and design reviews, identifying authentication, authorization, data exposure, and system-level vulnerabilities.
- Proficiency in secure code review and vulnerability analysis across languages such as Node.js, TypeScript, Python, or Go.
- Strong programming skills in at least one language (Python, Go, or TypeScript/Node.js), with experience building security tooling.
- Familiarity with cloud-native systems, microservices architecture, and mobile application security.
- Understanding of OWASP Top 10, supply chain risks, and exploitability in real-world contexts.
- Exposure to AI/ML security risks such as prompt injection, tool misuse, and data exfiltration is highly desirable.
- Hands-on experience using AI tools or coding agents in security workflows is a strong plus.
- Strong communication skills with the ability to simplify complex security issues for engineering teams.
- Collaborative mindset with the ability to work in lean, high-ownership environments.
Benefits:
- Competitive compensation aligned with performance and market standards.
- Opportunity to work in a fast-scaling global organization with real-world product impact.
- Exposure to cutting-edge AI-first security engineering practices and tooling.
- Career growth opportunities with increasing ownership and technical leadership scope.
- Collaborative, open, and feedback-driven culture focused on continuous improvement.
- Access to modern cloud-native and distributed system environments.
- Inclusive workplace committed to diversity, equity, and belonging.
How Jobgether works:
We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team.
We appreciate your interest and wish you the best!
Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.
#LI-CL1