Product Security Lead

5 days ago


Chennai, Tamil Nadu, India Hotfoot Technology Solutions Full time ₹ 15,00,000 - ₹ 20,00,000 per year

Location: Chennai (HQ) - Onsite

Function: Product Security

Experience: 7–12 years (incl. 2+ years in a lead/ownership role)

About the role

We're looking for a Product Security Lead to embed security into our SDLC and own end-to-end VAPT remediation across our lending product suite (LOS/LMS, rules engine, analytics). You'll partner with engineering and platform teams to design, build, and operate secure-by-default products used by leading financial institutions.

What you'll do

  • Own the Secure SDLC for microservices (Java/Spring Boot), Node/TypeScript backends, Angular UIs, and Android/Flutter apps—policy, standards, and release gates.
  • Build and run CI/CD security controls: SAST, SCA/SBOM, secrets & IaC checks, container/image scanning; automate DAST/IAST in pipelines; enforce block-on-fail where needed.
  • Drive VAPT end-to-end: scope with internal/third-party testers, triage findings, set SLAs, track remediation to closure; verify fixes and prevent regressions.
  • Threat model & review designs/code for authN/Z, crypto, session management, API security, data protection/PII, and high-risk modules (payments, onboarding, documents).
  • Cloud & platform security (AWS): baselines for EC2/ALB, RDS/KMS, S3 policies, network segmentation, mTLS/JWT service auth, Vault-backed secrets, and key rotation.
  • Observability & governance: wire security logs to SIEM, define AppSec KPIs (MTTR, SLA adherence, gate coverage), and report risk posture to engineering leadership.
  • Upskill teams: run secure coding workshops, build a "security champions" program, create playbooks/runbooks for common vulns and abuse cases.

What you'll bring

  • 7–12 years in Application/Product Security, including leading Secure SDLC and VAPT remediation in a product engineering environment.
  • Hands-on with SAST/SCA/DAST/IAST, code reviews, and threat modeling (e.g., STRIDE); ability to read code in Java/Spring, Node/TypeScript, and Angular.
  • Prior experience integrating security checks and gating criteria with a CI platform like SonarQube.
  • Strong grasp of OWASP Top 10, API Security Top 10, ASVS, CWE, secrets management, and CI/CD hardening.
  • AWS security experience: IAM, KMS, RDS encryption, SG/WAF, CloudTrail/GuardDuty; familiarity with Docker/Kubernetes and IaC (Terraform/CloudFormation).
  • Experience running vendor/3rd-party VAPT cycles and landing fixes to SLA with engineering teams.
  • Awareness of compliance contexts (ISO 27001/SOC 2, RBI guidance, DPDP Act) and secure handling of PII/financial data.
  • Nice to have: mobile app security (OWASP MASVS), OAuth2/OIDC, mTLS, WebAuthn/modern auth patterns; Kafka, Redis, NGINX, Consul, Vault.
  • Certifications (optional, a plus): OSWE/OSCP, GWAPT/GWEB, CSSLP.

What success looks like (first 6 months)


  • 95% of Critical/High findings closed within SLA across services.
  • All repos behind security gates with SBOMs published; zero hard-coded secrets; baseline threat models for top services.
  • Repeatable VAPT → remediation → verification loop with dashboards visible to leadership.

Why join us

  • Build security for mission-critical fintech products at scale.
  • High ownership, direct impact, and the chance to set the bar for product security across our stack.
  • Collaborative culture with strong engineering, rapid delivery, and growth opportunities.

