Hotfoot - Product Security Lead

4 days ago


Chennai, Tamil Nadu, India HOTFOOT TECHNOLOGY SOLUTIONS PRIVATE LIMITED Full time

Location : Chennai (HQ) - Onsite.

Function : Product Security.

Experience : 7 - 12 years (incl. 2+ years in a lead/ownership role).

About the role :


We're looking for a Product Security Lead to embed security into our SDLC and own end-to-end VAPT remediation across our lending product suite (LOS/LMS, rules engine, analytics).
You'll partner with engineering and platform teams to design, build, and operate secure-by-default products used by leading financial institutions.

What you'll do :


- Own the Secure SDLC for microservices (Java/Spring Boot), Node/TypeScript backends, Angular UIs, and Android/Flutter apps - policy, standards, and release gates.

- Build and run CI/CD security controls : SAST, SCA/SBOM, secrets & IaC checks, container/image scanning; automate DAST/IAST in pipelines; enforce block-on-fail where needed.

- Drive VAPT end-to-end : Scope with internal/third-party testers, triage findings, set SLAs, track remediation to closure; verify fixes and prevent regressions.

- Threat model & review designs/code for authN/Z, crypto, session management, API security, data protection/PII, and high-risk modules (payments, onboarding, documents).

- Cloud & platform security (AWS) : baselines for EC2/ALB, RDS/KMS, S3 policies, network segmentation, mTLS/JWT service auth, Vault-backed secrets, and key rotation.

- Observability & governance : wire security logs to SIEM, define AppSec KPIs (MTTR, SLA adherence, gate coverage), and report risk posture to engineering leadership.

- Upskill teams : run secure coding workshops, build a security champions program, create playbooks/runbooks for common vulns and abuse cases.

What you'll bring :

- 7 - 12 years in Application/Product Security, including leading Secure SDLC and VAPT remediation in a product engineering environment.

- Hands-on with SAST/SCA/DAST/IAST, code reviews, and threat modeling (e.g., STRIDE); ability to read code in Java/Spring, Node/TypeScript, and Angular.

- Prior experience in integrating security checks and gating criteria with CI platforms like SonarQube.

- Strong grasp of OWASP Top 10, API Security Top 10, ASVS, CWE, secrets management, and CI/CD hardening.

- AWS security experience : IAM, KMS, RDS encryption, SG/WAF, CloudTrail/GuardDuty; familiarity with Docker/Kubernetes and IaC.

- Experience running vendor/3rd-party VAPT cycles and landing fixes to SLA with engineering teams.

- Awareness of compliance contexts (ISO 27001/SOC 2, RBI guidance, DPDP Act) and secure handling of PII/financial data.

- Nice to have : mobile app security (OWASP MASVS), OAuth2/OIDC, mTLS, WebAuthn/modern auth patterns; Kafka, Redis, NGINX, Consul, Vault.

- Certifications (optional, a plus) : OSWE/OSCP, GWAPT/GWEB, CSSLP.

What success looks like (first 6 months) :

- 95% of Critical/High findings closed within SLA across services.

- All repos behind security gates with SBOMs published; zero hard-coded secrets; baseline threat models for top services.

- Repeatable VAPT remediation verification loop with dashboards visible to leadership.

Why join us :


- Build security for mission-critical fintech products at scale.

- High ownership, direct impact, and the chance to set the bar for product security across our stack.

- Collaborative culture with strong engineering, rapid delivery, and growth opportunities.

(ref:hirist.tech)
