Senior Product Security Engineer
Software Engineering, Product
Bengaluru, Karnataka, India
Posted on Jun 30, 2026
Senior Security Engineer - Product Security
Location: Mumbai/Bangalore
Experience: 3-4+ years
Type: Hands-on, product-focused
What this role is about
We’re looking for a hands-on Product Security Engineer who enjoys breaking things (ethically), understanding how systems actually work, and fixing security issues before they become incidents.
You’ll work closely with engineering teams to secure our web, mobile, and API platforms and help embed security naturally into how products are built.
This is not a policy-only or tool-only role. You’ll be close to the code, architecture, and developers.
What you’ll do (day to day)
- Review applications and APIs for real-world security issues, not just OWASP checklists
- Threat model new features and architecture changes before they go live
- Test web and mobile applications through hands-on black-box testing
- Help developers fix vulnerabilities and explain why they matter
- Set up and maintain security checks in CI/CD pipelines (SAST, SCA, IaC scanning)
- Coordinate penetration tests, review findings, and make sure issues actually get fixed
- Manage our Truemed’s VDP Program
- Review AWS security basics - AWS WAF, S3 exposure, secrets, and logging
What we’re looking for
- 3-4+ years of hands-on experience in application or product security
- Strong understanding of web, mobile (android / iOS) and API security fundamentals
- Practical experience with DevSecOps tools and CI/CD pipelines
- Ability to work closely with engineering teams and explain security clearly
- Comfortable operating in a fast-moving product environment
Nice to Have
- Experience with AWS-native services
- Prior work in consumer-scale or data-sensitive platforms
Why you’ll enjoy working here
- You’ll have ownership and visibility, secure healthcare data.
- Security feedback is taken seriously and acted on
- You’ll help shape how product security works as the company grows
