Product Security Specialist

JOB DESCRIPTION We are hiring Product Security Specialists to strengthen our product security capability across penetration testing, AI security, MCP security, mobile app security, web application security, support secure Product development and CIAM. You will drive immediate pen test needs, support global DAS pen test initiatives, help operationalize AI / MCP security controls, Mobile security and implement CIAM security best practices. This is a hands-on role that balances technical testing, engineering collaboration, and program-level activities. Key responsibilities • Conduct and coordinate technical penetration tests (black-box, grey-box, white-box) against web, API, cloud, and mobile applications; produce high-quality findings and remediation guidance. • Lead/participate in Global DAS pentest initiatives and manage external pentest vendors when required. • Lead/Design and implement mobile application security assessments (iOS/Android) including static (SAST), dynamic (DAST), and binary analysis. • Develop and operationalize AI/ML security assessments and controls: model threat modeling, data poisoning/evasion testing, privacy and model governance checks, secure deployment patterns, and monitoring strategies. • Design, assess, and harden CIAM implementations: threat modeling and security assessments for OAuth2/OIDC flows, token handling, session management, secure authorization patterns, and integration with providers such as Okta and Auth0. • Support the ISO27001 ISMS platform implementation: mapping controls, configuring workflows, populating evidence, and integrating security tools into the platform. • Provide audit support for internal and external audits (ISO27001, SOC2, etc.), including evidence collection, control testing, and remediation tracking. • Triage, validate, and prioritize security issues with product and engineering teams; provide clear remediation action plans and risk-based prioritization. • Create repeatable testing playbooks, threat models, secure design checklists, and automated test harnesses. • Mentor security champions and evangelize product security best practices across engineering/product teams. • Keep current with emerging threats, tools, and industry standards in mobile, cloud, and AI security. REQUIRED SKILLS AND EXPERIENCE • 10+ years (Specialist) of hands-on product security experience including penetration testing and app security. • Mobile Security: 4–5 years of hands-on experience with mobile app security (iOS/Android), including static/dynamic analysis and binary assessment. • AI/ML Security: 3–4 years of practical experience in AI/ML security, including threat modeling, adversarial testing, secure deployment, and MLOps security. • IT Access Management & Implementation: Proven experience with CIAM, identity protocols (OAuth 2.0, OpenID Connect), token lifecycle, PKI setup, and session management. • Okta: Experience integrating and securing Okta or similar identity providers (configuration hardening, SSO flows, rule-based policies). • Hands-On Engineering: Strong technical skills in penetration testing, vulnerability assessment, and remediation guidance. NICE TO HAVE SKILLS AND EXPERIENCE • Certifications: OSCP, OSWE, OSEP, GWAPT, CISSP, CEH, CREST, or relevant mobile/AI security certifications. • DevOps & Cloud: Experience with DevOps practices, cloud platforms (AWS/Azure/GCP), container orchestration, and security automation (CI/CD, IaC scanning, SCA/SAST pipelines). • Audit & Compliance: Experience supporting ISO27001, SOC2, or similar audit frameworks and ISMS platforms.