Product Security Lead
3 weeks ago
Function: Product Security
Experience: 7–12 years (incl. 2+ years in a lead/ownership role)
About the role
We're looking for an Product Security Lead to embed security into our SDLC and own end-to-end VAPT remediation across our lending product suite (LOS/LMS, rules engine, analytics). You'll partner with engineering and platform teams to design, build, and operate secure-by-default products used by leading financial institutions.
What you'll do
- Own the Secure SDLC for microservices (Java/Spring Boot), Node/TypeScript backends, Angular UIs, and Android/Flutter apps—policy, standards, and release gates.
- Build and run CI/CD security controls: SAST, SCA/SBOM, secrets & IaC checks, container/image scanning; automate DAST/IAST in pipelines; enforce block-on-fail where needed.
- Drive VAPT end-to-end: scope with internal/third-party testers, triage findings, set SLAs, track remediation to closure; verify fixes and prevent regressions.
- Threat model & review designs/code for authN/Z, crypto, session management, API security, data protection/PII, and high-risk modules (payments, onboarding, documents).
- Cloud & platform security (AWS): baselines for EC2/ALB, RDS/KMS, S3 policies, network segmentation, mTLS/JWT service auth, Vault-backed secrets, and key rotation.
- Observability & governance: wire security logs to SIEM, define AppSec KPIs (MTTR, SLA adherence, gate coverage), and report risk posture to engineering leadership.
- Upskill teams: run secure coding workshops, build a "security champions" program, create playbooks/runbooks for common vulns and abuse cases.
What you'll bring
- 7–12 years in Application/Product Security, including leading Secure SDLC and VAPT remediation in a product engineering environment.
- Hands-on with SAST/SCA/DAST/IAST, code reviews, and threat modeling (e.g., STRIDE); ability to read code in Java/Spring, Node/TypeScript, and Angular.
- Prior experience in integrating security checks and gating critera with CI platform like SonarQube
- Strong grasp of OWASP Top 10, API Security Top 10, ASVS, CWE, secrets management, and CI/CD hardening.
- AWS security experience: IAM, KMS, RDS encryption, SG/WAF, CloudTrail/GuardDuty; familiarity with Docker/Kubernetes and IaC (Terraform/CloudFormation).
- Experience running vendor/3rd-party VAPT cycles and landing fixes to SLA with engineering teams.
- Awareness of compliance contexts (ISO 27001/SOC 2, RBI guidance, DPDP Act) and secure handling of PII/financial data.
- Nice to have: mobile app security (OWASP MASVS), OAuth2/OIDC, mTLS, WebAuthn/modern auth patterns; Kafka, Redis, NGINX, Consul, Vault.
- Certifications (optional, a plus): OSWE/OSCP, GWAPT/GWEB, CSSLP.
What success looks like (first 6 months)
- ≥ 95% of Critical/High findings closed within SLA across services.
- All repos behind security gates with SBOMs published; zero hard-coded secrets; baseline threat models for top services.
- Repeatable VAPT → remediation → verification loop with dashboards visible to leadership.
Why join us
- Build security for mission-critical fintech products at scale.
- High ownership, direct impact, and the chance to set the bar for product security across our stack.
- Collaborative culture with strong engineering, rapid delivery, and growth opportunities.
-
Product Security Lead
3 weeks ago
Chennai, Tamil Nadu, India Hotfoot Technology Solutions Full timeLocation: Chennai (HQ) - Onsite Function: Product Security Experience: 7–12 years (incl. 2+ years in a lead/ownership role)About the roleWe're looking for an Product Security Lead to embed security into our SDLC and own end-to-end VAPT remediation across our lending product suite (LOS/LMS, rules engine, analytics). You'll partner with engineering and...
-
Product Security Lead
3 weeks ago
Chennai, Tamil Nadu, India Hotfoot Technology Solutions Full timeLocation: Chennai (HQ) - OnsiteFunction: Product SecurityExperience: 7–9 years (incl. 2+ years in a lead/ownership role)About the roleWe're looking for an Product Security Lead to embed security into our SDLC and own end-to-end VAPT remediation across our lending product suite (LOS/LMS, rules engine, analytics). You'll partner with engineering and platform...
-
Product Security Lead
2 weeks ago
Chennai, Tamil Nadu, India Hotfoot Technology Solutions Full timeLocation: Chennai (HQ) - OnsiteFunction: Product SecurityExperience: 7–9 years (incl. 2+ years in a lead/ownership role)About the roleWe're looking for an Product Security Lead to embed security into our SDLC and own end-to-end VAPT remediation across our lending product suite (LOS/LMS, rules engine, analytics). You'll partner with engineering and platform...
-
Product Security Lead
2 weeks ago
Chennai, Tamil Nadu, India Hotfoot Technology Solutions Full timeLocation: Chennai (HQ) - Onsite Function: Product Security Experience: 7–9 years (incl. 2+ years in a lead/ownership role) About the role We're looking for an Product Security Lead to embed security into our SDLC and own end-to-end VAPT remediation across our lending product suite (LOS/LMS, rules engine, analytics). You'll partner with...
-
Hotfoot - Product Security Lead
3 weeks ago
Chennai, Tamil Nadu, India HOTFOOT TECHNOLOGY SOLUTIONS PRIVATE LIMITED Full timeLocation : Chennai (HQ) Onsite.Function : Product Security.Experience : 7 - 12 years (incl. 2+ years in a lead/ownership role).About the role : Were looking for an Product Security Lead to embed security into our SDLC and own end-to-end VAPT remediation across our lending product suite (LOS/LMS, rules engine, analytics).Youll partner with engineering and...
-
Product Security Strategist
2 weeks ago
Chennai, Tamil Nadu, India beBeeproductsecurity Full time ₹ 2,00,00,000 - ₹ 2,50,00,000Job Overview:We are seeking a Product Security Lead to drive security into our Software Development Lifecycle (SDLC) and oversee Vulnerability Assessment and Penetration Testing (VAPT) remediation across our lending product suite.
-
Product Security Architect
1 week ago
Chennai, Tamil Nadu, India TEMENOS Full time ₹ 7,00,000 - ₹ 12,00,000 per yearAbout TEMENOSTemenos powers a world of banking that creates opportunities for billions of people and businesses everywhere. We have been doing this for over 30 years through the pioneering spirit of our Temenosians who are passionate about making banking better, together.We serve over 3000 clients from the largest to challengers and community banks in 150+...
-
Embedding Security into Product Development
2 weeks ago
Chennai, Tamil Nadu, India beBeeSecurity Full time ₹ 80,00,000 - ₹ 1,50,00,000Product Security SpecialistWe're looking for a skilled Product Security Specialist to join our team and take ownership of securing our product suite.This includes designing, building, and operating secure-by-default products used by leading financial institutions.You'll work closely with engineering and platform teams to embed security into our SDLC and own...
-
Leading Cyber Security Test Engineer
2 weeks ago
Chennai, Tamil Nadu, India beBeeSecurity Full time ₹ 2,00,00,000 - ₹ 2,50,00,000Lead Cyber Security Test Engineer Job SummaryWe are seeking a seasoned and innovative Cyber Security Test Lead to join our product development team in Chennai. This role is ideal for an experienced professional with a proven track record of leading security testing teams and driving technological advancements.Job Description:The successful candidate will be...
-
Principal Product Security Engineer
3 weeks ago
Chennai, Tamil Nadu, India Logitech Full timeAbout the job :Logitech is the Sweet Spot for people who want their actions to have a positive global impact while having the flexibility to do it in their own way.Role : Principal Product Security :Product Security Governance :- Develop, implement, and maintain comprehensive product security policies, standards, and procedures.- Establish clear security...
