Greenlight

Product Security Engineer II

Greenlight

full-time

Posted on:

Location Type: Hybrid

Location: BengaluruIndia

Visit company website

Explore more

AI Apply
Apply

Tech Stack

AWSCloudSDLC

About the role

  • Support in executing a comprehensive product security strategy that aligns with the company's goals and risk appetite.
  • You will work hands on across code, infrastructure, and CI/CD to create agents, services and pipelines that detect, prevent and remediate risks leveraging AI where it adds value.
  • Design, build and operate security automation for the SDLC (code scanning, dependency risk management, secrets detection, policy-as-code) integrated into CI/CD.
  • Perform Manual Design and Implementation Reviews of Greenlight products and services from a security perspective.
  • Establish and enforce secure development standards (i.e. API security, Security patterns, IaC, etc.) and best practices across the organization.
  • Serve as SME on the practical security of our AI and LLM ecosystem. Lead threat modeling exercises for novel AI systems applying advanced security and privacy best practices.
  • Leverage automations and tools to continuously test, fuzz and validate products and platform components for security issues.
  • Perform Penetration testing and retesting to validate fixes.
  • Responsible for triaging findings from security researchers and leading incident response for PSIRT.
  • OnCall support for incident response and lead product-related security events and vulnerabilities.
  • Foster a culture of security awareness and ownership across the Engineering and Product organizations.
  • Stay current with the latest security threats, vulnerabilities, and industry best practices to continuously evolve our security controls and processes.

Requirements

  • 5+ years of experience finding security vulnerabilities, security code reviews and knowledge of secure code development for the technology stack at Greenlight.
  • 2-4 years experience with the threat modeling process and ability to find design problems based on technical architecture and data flow diagrams.
  • Experience with exploiting common security vulnerabilities
  • Deep technical knowledge of web and mobile application security, common vulnerabilities, secure coding practices, common exploit mitigations and secure architecture patterns.
  • Experience integrating or building AI-powered tools to assist with vulnerability detection, code review or threat modeling.
  • Experience creating software that enables security processes especially those leveraging AI/ML for automation or augmentation.
  • End to end experience on implementing and managing tools for Product Security (i.e. API Security, Mobile Protection, SAST, runtime scanning, etc.)
  • Experience with software development and automation that enables security processes. Deep technical knowledge of CI/CD pipelines and relevant tools for web and mobile applications.
  • Hands-on experience with security tools for SAST, DAST, IAST, and penetration testing. Fuzzing skills are good to have.
  • Skilled in scripting, automation and exploit writing.
  • Strong understanding of cloud security principles in AWS environments.
  • Strong product sense for rapid iteration and refinement based on data, combined with a collaborative mindset to work closely with engineers, product managers, and security analysts in a fast-paced environment.
Benefits
  • Greenlight is an equal opportunity employer
  • Committed to an inclusive work environment
  • Reasonable accommodations available for hiring process
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
security vulnerabilitiessecurity code reviewssecure code developmentthreat modelingpenetration testingweb application securitymobile application securitysecure coding practicesCI/CD pipelinesscripting
Soft Skills
collaborative mindsetstrong product sensesecurity awarenessownershipincident response leadership