Product Security Lead
4 days ago
Location: Chennai (HQ) - Onsite
Function: Product Security
Experience: 7–12 years (incl. 2+ years in a lead/ownership role)
About the roleWe're looking for an Product Security Lead to embed security into our SDLC and own end-to-end VAPT remediation across our lending product suite (LOS/LMS, rules engine, analytics). You'll partner with engineering and platform teams to design, build, and operate secure-by-default products used by leading financial institutions.
What you'll do- Own the Secure SDLC for microservices (Java/Spring Boot), Node/TypeScript backends, Angular UIs, and Android/Flutter apps—policy, standards, and release gates.
- Build and run CI/CD security controls: SAST, SCA/SBOM, secrets & IaC checks, container/image scanning; automate DAST/IAST in pipelines; enforce block-on-fail where needed.
- Drive VAPT end-to-end: scope with internal/third-party testers, triage findings, set SLAs, track remediation to closure; verify fixes and prevent regressions.
- Threat model & review designs/code for authN/Z, crypto, session management, API security, data protection/PII, and high-risk modules (payments, onboarding, documents).
- Cloud & platform security (AWS): baselines for EC2/ALB, RDS/KMS, S3 policies, network segmentation, mTLS/JWT service auth, Vault-backed secrets, and key rotation.
- Observability & governance: wire security logs to SIEM, define AppSec KPIs (MTTR, SLA adherence, gate coverage), and report risk posture to engineering leadership.
- Upskill teams: run secure coding workshops, build a "security champions" program, create playbooks/runbooks for common vulns and abuse cases.
- 7–12 years in Application/Product Security, including leading Secure SDLC and VAPT remediation in a product engineering environment.
- Hands-on with SAST/SCA/DAST/IAST, code reviews, and threat modeling (e.g., STRIDE); ability to read code in Java/Spring, Node/TypeScript, and Angular.
- Prior experience in integrating security checks and gating critera with CI platform like SonarQube
- Strong grasp of OWASP Top 10, API Security Top 10, ASVS, CWE, secrets management, and CI/CD hardening.
- AWS security experience: IAM, KMS, RDS encryption, SG/WAF, CloudTrail/GuardDuty; familiarity with Docker/Kubernetes and IaC (Terraform/CloudFormation).
- Experience running vendor/3rd-party VAPT cycles and landing fixes to SLA with engineering teams.
- Awareness of compliance contexts (ISO 27001/SOC 2, RBI guidance, DPDP Act) and secure handling of PII/financial data.
- Nice to have: mobile app security (OWASP MASVS), OAuth2/OIDC, mTLS, WebAuthn/modern auth patterns; Kafka, Redis, NGINX, Consul, Vault.
- Certifications (optional, a plus): OSWE/OSCP, GWAPT/GWEB, CSSLP.
- ≥ 95% of Critical/High findings closed within SLA across services.
- All repos behind security gates with SBOMs published; zero hard-coded secrets; baseline threat models for top services.
- Repeatable VAPT → remediation → verification loop with dashboards visible to leadership.
- Build security for mission-critical fintech products at scale.
- High ownership, direct impact, and the chance to set the bar for product security across our stack.
- Collaborative culture with strong engineering, rapid delivery, and growth opportunities.
-
Security Product Lead
7 days ago
Chennai, Tamil Nadu, India beBeeSecurity Full time ₹ 20,00,000 - ₹ 40,00,000Product Security Lead OpportunityWe are seeking an experienced security professional to lead and strengthen our product security initiatives.
-
Product Security Lead
7 days ago
Chennai, Tamil Nadu, India Hotfoot Technology Solutions Full timeLocation: Chennai (HQ) - Onsite Function: Product Security Experience: 7–12 years (incl. About the role We're looking for an Product Security Lead to embed security into our SDLC and own end-to-end VAPT remediation across our lending product suite (LOS/LMS, rules engine, analytics). You'll partner with engineering and platform teams to design,...
-
Product Security Lead
7 days ago
Chennai, Tamil Nadu, India Hotfoot Technology Solutions Full timeLocation: Chennai (HQ) - Onsite Function: Product Security Experience: 7–12 years (incl. 2+ years in a lead/ownership role) About the roleWe're looking for an Product Security Lead to embed security into our SDLC and own end-to-end VAPT remediation across our lending product suite (LOS/LMS, rules engine, analytics). You'll partner with engineering...
-
Product Security Lead
7 days ago
Chennai, Tamil Nadu, India Hotfoot Technology Solutions Full timeLocation: Chennai (HQ) - OnsiteFunction: Product SecurityExperience: 7–12 years (incl. 2+ years in a lead/ownership role)About the roleWe're looking for an Product Security Lead to embed security into our SDLC and own end-to-end VAPT remediation across our lending product suite (LOS/LMS, rules engine, analytics). You'll partner with engineering and...
-
Product Security Lead
4 days ago
Chennai, Tamil Nadu, India Hotfoot Technology Solutions Full timeLocation: Chennai (HQ) - OnsiteFunction: Product SecurityExperience: 7–9 years (incl. 2+ years in a lead/ownership role)About the roleWe're looking for an Product Security Lead to embed security into our SDLC and own end-to-end VAPT remediation across our lending product suite (LOS/LMS, rules engine, analytics). You'll partner with engineering and platform...
-
Product Security Lead
9 hours ago
Chennai, Tamil Nadu, India Hotfoot Technology Solutions Full timeLocation: Chennai (HQ) - OnsiteFunction: Product SecurityExperience: 7–9 years (incl. 2+ years in a lead/ownership role)About the roleWe're looking for an Product Security Lead to embed security into our SDLC and own end-to-end VAPT remediation across our lending product suite (LOS/LMS, rules engine, analytics). You'll partner with engineering and platform...
-
Product Security Lead
4 days ago
Chennai, Tamil Nadu, India Hotfoot Technology Solutions Full time ₹ 15,00,000 - ₹ 20,00,000 per yearLocation:Chennai (HQ) - OnsiteFunction:Product SecurityExperience:7–12 years (incl. 2+ years in a lead/ownership role)About the roleWe're looking for an Product Security Lead to embed security into our SDLC and own end-to-end VAPT remediation across our lending product suite (LOS/LMS, rules engine, analytics). You'll partner with engineering and platform...
-
Product Security Lead
1 week ago
Chennai, Tamil Nadu, India Hotfoot Technology Solutions Full timeLocation: Chennai (HQ) - Onsite Function: Product Security Experience: 7–12 years (incl. 2+ years in a lead/ownership role)About the roleWe're looking for an Product Security Lead to embed security into our SDLC and own end-to-end VAPT remediation across our lending product suite (LOS/LMS, rules engine, analytics). You'll partner with engineering and...
-
Leading Product Security Specialist
4 days ago
Chennai, Tamil Nadu, India beBeeProductSecurity Full time ₹ 2,00,00,000 - ₹ 2,50,00,000Job Title: Product Security LeadThis role is about building, owning and operating secure-by-default products used by leading financial institutions.">",
-
Hotfoot - Product Security Lead
5 days ago
Chennai, Tamil Nadu, India HOTFOOT TECHNOLOGY SOLUTIONS PRIVATE LIMITED Full timeLocation : Chennai (HQ) Onsite.Function : Product Security.Experience : 7 - 12 years (incl. 2+ years in a lead/ownership role).About the role : Were looking for an Product Security Lead to embed security into our SDLC and own end-to-end VAPT remediation across our lending product suite (LOS/LMS, rules engine, analytics).Youll partner with engineering and...
