Sr Security Engineer

Job Description Job Position Senior Security Engineer Product Security Location: Bangalore, Karnataka Experience: 68 Years Department: Information Security Employment Type: Full-Time Overview Ecolab's Information Security team is seeking a Senior Security Engineer with strong expertise in Product Security to lead and enhance secure software development practices across the organization. This role focuses on integrating security into the Software Development Lifecycle (SDLC), identifying and mitigating application vulnerabilities, and guiding development teams on secure coding and architecture. The ideal candidate will have hands-on experience in application security, penetration testing, secure code reviews, and AI/LLM security. Minimum Qualification - Bachelor's degree in computer science, information technology or related discipline. - 6 - 8 years of experience in the Product Security domain. Roles And Responsibilities - Conduct Product Security Risk Assessments for Mobile, Web, API, and IoT applications. - Perform and remediate findings from SAST, DAST, and manual penetration testing. - Simulate attacks and generate detailed vulnerability reports. - Collaborate with internal teams for automated and manual security testing. - Review software applications for potential security flaws. - Guide engineering teams on secure development practices and remediation strategies. - Deliver secure coding training to development and engineering teams. - Perform secure source code reviews and recommend mitigation strategies. - Act as a technical liaison for CI/CD and DevSecOps integration. - Automate security processes and integrate them into development pipelines. - Stay updated on emerging threats, vulnerabilities, and countermeasures. - Build and maintain strong relationships with stakeholders and business partners. Must-Have Skills Technical Skills & Expertise - Strong expertise in OWASP Top 10, CWE Top 25, and data protection principles. - Solid understanding of application architecture in multi-cloud and hybrid environments. - Hands-on experience with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Container Security, and manual penetration testing. - Proficiency in interpreting and writing code in Python, JavaScript/TypeScript, Java, C# (.NET), and Apex. - Deep knowledge of software vulnerabilities, secure design patterns, and threat mitigation strategies. - Experience integrating security into CI/CD pipelines and Developers workflows. - Strong working knowledge of Web Application Firewall (WAF) technologies Nice-to-Have Skills - Familiarity with OWASP Top 10 for LLMs and emerging AI security frameworks. - Understanding of Prompt Injection, Data Poisoning, and Model Theft threats. - Experience securing AI APIs, ML pipelines, and LLM-based applications. - Knowledge of API Security, Infrastructure as Code (IaC) Security, and Secrets Management. - Experience in Threat Modelling and Attack Simulation techniques Security Tools & Technologies - Web Application Firewalls (WAF): Fastly, Cloudflare, Akamai. - Security Scanners: Checkmarx, Snyk, Veracode, Qualys, Burp Suite, Wiz, Postman Certification - Certified Ethical Hacker (CEH) - Certified Application Security Engineer (CASE .NET / CASE Java) - Azure/AWS/Google Cloud Security Engineer Our Commitment to a Culture of Inclusion & Belonging Ecolab is committed to fair and equal treatment of associates and applicants and furthering the principles of Equal Opportunity to Employment. We will recruit, hire, promote, transfer and provide opportunities for advancement based on individual qualifications and job performance in all matters affecting employment, compensation, benefits, working conditions, and opportunities for advancement. Ecolab will not discriminate against any associate or applicant for employment because of race, religion, color, creed, national origin,citizenship status, sex, sexual orientation, gender identity and expressions, genetic information, marital status, age, or disability.