Product Security Engineer
Greenlight Planet
CloudCyber Security
Job Level
Mid-LevelSenior
Tech Stack
CloudCyber Security
About the role
- Job location: Remote in India
- About the role:
- In this role, your principal mission will be to drive security-related engineering engagement and technical remediation across Sun King’s product lines. You will work across application security, architecture reviews, and cloud security to scale security engagement across Engineering. As a Product Security Engineer, you will leverage your software engineering skills and security expertise to raise the security bar across our infrastructure, mobile services, and web apps.
- Key responsibilities:
- Perform Application Security Reviews, including Penetration Testing and Code Reviews, on Mobile Applications, APIs, and web applications using OWASP standards.
- Identify security loopholes in product design through Threat Modeling.
- Deploy and manage security tool integration into the CI/CD pipeline.
- Perform SAST, DAST, and SCA scans using in-house preferred tools; review scan results for false positives and deliver findings to engineering teams.
- Lead product security efforts during security incident management and define post-incident remediation plans.
- Set up automated processes to monitor applications and systems for unusual activities (e.g., unauthorized access, modification, duplication, or destruction of information).
- Stay updated on the latest security vulnerabilities and trends.
Requirements
- 3–6 years of experience in penetration testing, code review, DevSecOps, and architecture design reviews.
- Minimum 3 years of experience in the application security domain.
- Proficient in identifying vulnerabilities, guiding remediation steps, and tracking timely closure of issues based on severity.
- Experience with web application scanning tools such as Qualys WAS, AppSpider, Acunetix, Veracode, Burp Suite, Netsparker, OWASP ZAP, Checkmarx, Whitesource, Snyk, or similar.
- Strong knowledge of secure protocols, encryption standards, and authentication mechanisms.
- Holds at least one security certification such as OSCP, OSWE, GPEN, GWAPT, CRTP, etc.
- Good communication and collaboration skills with the ability to engage effectively with diverse stakeholders.
Similar jobs on JobTailor
Security Controls Assessor - Part time & Remote
TestPros, Inc.
CloudCyber Security
Information Security Compliance Analyst
D2L
CloudCyber Security
Lead Product Security Engineer
Emerson
CloudCyber SecurityIoTJavaMicroservices.NETPerlPython
Chief Information Security Officer
Daxko
AWSAzureCloudCyber SecurityGoogle Cloud PlatformSDLC