Weekday AI

Product Security Engineer

Weekday AI · Hyderabad, Telangana, India · ₹2M–₹3M/yr

Technology, Information and Internet · 11-50 employees

4 h ago
Senior (5-10 yrs) Full-time India
Log in to apply, save this posting, or score it against your profile with AI.

About the role

The role involves integrating security into the product development lifecycle through threat modeling, risk assessment, and security testing. It also requires implementing DevSecOps pipelines and automating security tooling to mitigate vulnerabilities.

What they look for

Product Security Application Security Threat Modeling DevSecOps SAST DAST Penetration Testing Cloud Security Python Bash Security Automation Security Analytics

Requirements

Candidates need over 5 years of experience in product or application security with strong skills in threat modeling and web/mobile security testing. Proficiency in DevSecOps practices, SAST/DAST tools, and scripting languages like Python or Bash is required.

Full description

This role is for one of the Weekday's clients

Salary range: Rs 1500000 - Rs 3000000 (ie INR 15- 30 LPA)

Min Experience: 5+ years

Location: Hyderabad JobType: full-time

We are seeking an experienced Product Security Engineer to join our team and help build security into every aspect of our product development lifecycle. In this role, you'll work closely with engineering, product, and DevOps teams to identify, assess, and mitigate security risks while enabling rapid and secure product delivery.

Key ResponsibilitiesThreat Modeling & Risk Assessment• Design and conduct comprehensive threat modeling sessions for new features and system architectures

  • Identify potential attack vectors and security vulnerabilities early in the development process
  • Collaborate with product and engineering teams to prioritize security requirements based on risk assessment
  • Develop and maintain threat models for existing and new products

Security Testing & Validation• Perform security testing of web applications, mobile applications, and APIs

  • Conduct static and dynamic application security testing
  • Execute penetration testing and vulnerability assessments
  • Review code for security vulnerabilities and provide remediation guidance
  • Validate security controls and defensive measures

DevSecOps Integration• Implement and maintain Static Application Security Testing (SAST) tools in CI/CD pipelines

  • Deploy and optimize Dynamic Application Security Testing (DAST) solutions
  • Establish cloud security best practices and tooling for AWS environments
  • Build security gates and quality checks into development workflows
  • Collaborate with DevOps teams to secure infrastructure as code

Security Automation & Tooling• Develop automated security testing frameworks and scripts

  • Build tools and integrations to streamline security processes
  • Automate vulnerability scanning and reporting workflows
  • Create self-service security tools for development teams
  • Implement security orchestration and response automation

Security Analytics & Monitoring• Design and implement security metrics and KPIs for product security

  • Analyze security testing results and trends to identify systemic issues
  • Build dashboards and reporting for security posture visibility
  • Conduct security data analysis to inform strategic decisions
  • Monitor and respond to security alerts and incidents

Cross-functional Collaboration• Partner with engineering teams to provide security guidance and support

  • Educate developers on secure coding practices and security requirements
  • Work with product managers to balance security and business requirements
  • Collaborate with infrastructure and platform teams on security architecture

Required Qualifications• 5+ years of experience in product security, application security, or related cybersecurity roles

  • Strong background in threat modeling and secure design review.
  • Extensive experience with web application security testing and mobile application security for iOS and Android platforms
  • Hands-on experience with DevSecOps practices and security tool integration
  • Proficiency with SAST, DAST, Cloud Security tools
  • Experience with security automation and scripting (Python, Bash)
  • Background in security analytics and data analysis for security insights

Preferred Qualifications• Experience with container security (Docker, Kubernetes)

  • Knowledge of infrastructure as code security (Terraform, CloudFormation)
  • Familiarity with security frameworks (NIST, ISO 27001, SOC 2)
  • Experience with bug bounty programs and responsible disclosure
  • Experience with compliance requirements (PCI DSS, GDPR)

Must-have skillsProduct Security, Application Security, Threat Modeling

Good-to-have skillsDevSecOps, SAST, DAST