Sr Security Engineer Product Security
Sr Security Engineer Product Security
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Job Position
Senior Security Engineer Product Security
Location: Bangalore Karnataka
Experience: 68 Years
Department: Information Security
Employment Type: Full-Time
Overview
Ecolabs Information Security team is seeking a Senior Security Engineer with strong expertise in Product Security to lead and enhance secure software development practices across the organization. This role focuses on integrating security into the Software Development Lifecycle (SDLC) identifying and mitigating application vulnerabilities and guiding development teams on secure coding and architecture. The ideal candidate will have hands-on experience in application security penetration testing secure code reviews and AI/LLM security.
Minimum Qualification
- Bachelors degree in computer science information technology or related discipline.
- 6 - 8 years of experience in the Product Security domain.
Roles and Responsibilities
- Conduct Product Security Risk Assessments for Mobile Web API and IoT applications.
- Perform and remediate findings from SAST DAST and manual penetration testing.
- Simulate attacks and generate detailed vulnerability reports.
- Collaborate with internal teams for automated and manual security testing.
- Review software applications for potential security flaws.
- Guide engineering teams on secure development practices and remediation strategies.
- Deliver secure coding training to development and engineering teams.
- Perform secure source code reviews and recommend mitigation strategies.
- Act as a technical liaison for CI/CD and DevSecOps integration.
- Automate security processes and integrate them into development pipelines.
- Stay updated on emerging threats vulnerabilities and countermeasures.
- Build and maintain strong relationships with stakeholders and business partners.
Technical Skills & Expertise
Must-Have Skills
- Strong expertise in OWASP Top 10 CWE Top 25 and data protection principles.
- Solid understanding of application architecture in multi-cloud and hybrid environments.
- Hands-on experience with Static Application Security Testing (SAST) Dynamic Application Security Testing (DAST) Container Security and manual penetration testing.
- Proficiency in interpreting and writing code in Python JavaScript/TypeScript Java C# (.NET) and Apex.
- Deep knowledge of software vulnerabilities secure design patterns and threat mitigation strategies.
- Experience integrating security into CI/CD pipelines and Developers workflows.
- Strong working knowledge of Web Application Firewall (WAF) technologies
Nice-to-Have Skills
- Familiarity with OWASP Top 10 for LLMs and emerging AI security frameworks.
- Understanding of Prompt Injection Data Poisoning and Model Theft threats.
- Experience securing AI APIs ML pipelines and LLM-based applications.
- Knowledge of API Security Infrastructure as Code (IaC) Security and Secrets Management.
- Experience in Threat Modelling and Attack Simulation techniques
Security Tools & Technologies
- Web Application Firewalls (WAF): Fastly Cloudflare Akamai.
- Security Scanners: Checkmarx Snyk Veracode Qualys Burp Suite Wiz Postman
Certification
- Certified Ethical Hacker (CEH)
- Certified Application Security Engineer ( / CASE Java)
- Azure/AWS/Google Cloud Security Engineer
Required Experience:
Senior IC
Employment Type
Full-Time
