Sr Security Engineer Product Security
Share
Job Location:
Monthly Salary:
Posted on:
30+ days ago
Vacancies:
1 Vacancy
Job Summary
Job Position
Senior Security Engineer Product Security
Location: Bangalore Karnataka
Experience: 68 Years
Department: Information Security
Employment Type: Full-Time
Overview
Ecolabs Information Security team is seeking a Senior Security Engineer with strong expertise in Product Security to lead and enhance secure software development practices across the organization. This role focuses on integrating security into the Software Development Lifecycle (SDLC) identifying and mitigating application vulnerabilities and guiding development teams on secure coding and architecture. The ideal candidate will have hands-on experience in application security penetration testing secure code reviews and AI/LLM security.
Minimum Qualification
- Bachelors degree in computer science information technology or related discipline.
- 6 - 8 years of experience in the Product Security domain.
Roles and Responsibilities
- Conduct Product Security Risk Assessments for Mobile Web API and IoT applications.
- Perform and remediate findings from SAST DAST and manual penetration testing.
- Simulate attacks and generate detailed vulnerability reports.
- Collaborate with internal teams for automated and manual security testing.
- Review software applications for potential security flaws.
- Guide engineering teams on secure development practices and remediation strategies.
- Deliver secure coding training to development and engineering teams.
- Perform secure source code reviews and recommend mitigation strategies.
- Act as a technical liaison for CI/CD and DevSecOps integration.
- Automate security processes and integrate them into development pipelines.
- Stay updated on emerging threats vulnerabilities and countermeasures.
- Build and maintain strong relationships with stakeholders and business partners.
Technical Skills & Expertise
Must-Have Skills
- Strong expertise in OWASP Top 10 CWE Top 25 and data protection principles.
- Solid understanding of application architecture in multi-cloud and hybrid environments.
- Hands-on experience with Static Application Security Testing (SAST) Dynamic Application Security Testing (DAST) Container Security and manual penetration testing.
- Proficiency in interpreting and writing code in Python JavaScript/TypeScript Java C# (.NET) and Apex.
- Deep knowledge of software vulnerabilities secure design patterns and threat mitigation strategies.
- Experience integrating security into CI/CD pipelines and Developers workflows.
- Strong working knowledge of Web Application Firewall (WAF) technologies
Nice-to-Have Skills
- Familiarity with OWASP Top 10 for LLMs and emerging AI security frameworks.
- Understanding of Prompt Injection Data Poisoning and Model Theft threats.
- Experience securing AI APIs ML pipelines and LLM-based applications.
- Knowledge of API Security Infrastructure as Code (IaC) Security and Secrets Management.
- Experience in Threat Modelling and Attack Simulation techniques
Security Tools & Technologies
- Web Application Firewalls (WAF): Fastly Cloudflare Akamai.
- Security Scanners: Checkmarx Snyk Veracode Qualys Burp Suite Wiz Postman
Certification
- Certified Ethical Hacker (CEH)
- Certified Application Security Engineer ( / CASE Java)
- Azure/AWS/Google Cloud Security Engineer
Required Experience:
Senior IC
Key Skills
- Splunk
- IDS
- Network security
- Computer Networking
- Identity & Access Management
- PKI
- PCI
- NIST Standards
- Security System Experience
- Information Security
- Encryption
- Siem
About Company
We Design With Community In Mind Communities are fundamental. Whether around the corner or across the globe, they provide a foundation, a sense of place and of belonging. That’s why at Stantec, we always design with community in mind. We care about the communities we serve—because th ... View more
