Job Portal Logo
LoginSign Up
🔔 FCM Loaded

Product Security Engineer

Fluidech

2 - 5 years

Bengaluru

Posted: 28/12/2025

Getting a referral is 5x more effective than applying directly

Job Description

Job Title: Product Security Engineer

Location: Bangalore, Karnataka

Duration: Long-Term Contract


Company Overview:

  • FLUIDECH, an ESCONET group company and a deemed public company, is a technology consulting and managed services firm specialising in cybersecurity.
  • Founded in 2014 and headquartered in Gurugramand today with a client base spanning over 100 organisations worldwideFluidech designs IT solutions aligned with business objectives, fostering trusted relationships and delivering measurable performance improvements.
  • Established as a born-in-the-cloud company, Fluidech has evolved into a trusted technology partner that helps businesses build (Cloud & Infrastructure), automate (DevOps), and secure (Cyber Security services). Our solutions span diverse industry verticals, aligned with each clients business goals.
  • In addition to holding ISO 9001 and ISO 27001 certifications and an award-winning cybersecurity team, the company has a strong value proposition in its GRC services across frameworks, including but not limited to NCIIPC's CAF, SEBI's CSCRF, and others.


Position Overview

  • Were expanding our product security function to support fast-moving engineering teams building cloud-native web applications. Our developers ship quickly, experiment often, and work across a variety of stacks. Securitys role is to provide guardrailsnot roadblocksso teams can move fast and safely.
  • Were looking for strong Product Security Engineers who can partner deeply with engineering and help raise the security bar across our products, platform, and underlying cloud infrastructure.


What Youll Work On:


Product & Application Security

  • Perform security reviews of web/mobile apps, microservices, and APIs .
  • Conduct threat modelling (DFDs, architecture reviews, screen flows) for new and existing features.
  • Work with engineering teams to design and implement secure patterns in a cloud native environment.


Secure SDLC & DevSecOps

  • Embed security into CI/CD pipelines (SAST, DAST, SCA, container and IaC scanning).
  • Help design, tune, and maintain security tooling (open source, commercial, and in-house).
  • Shift left by building reusable guardrails, templates, and developer-friendly checks.


Application & Infrastructure Testing

  • Perform hands-on vulnerability assessments and penetration testing for web/mobile/IoT components and backend services .
  • Hunt for vulnerabilities in REST/gRPC APIs, authN/authZ flows , and multi-tenant architectures .
  • Build scripts/automation to find boring but important bugs at scale.


Cloud & Platform Security

  • Review and improve the security of cloud accounts, IAM, network boundaries, and storage.
  • Collaborate with infra/platform teams to harden Kubernetes, serverless (lambdas/functions), and other PaaS components.
  • Define and validate baseline configurations, policies, and detection guardrails.


Collaboration, Enablement

  • Work closely with developers and tech leads to prioritise and remediate issues pragmatically.
  • Communicate security concepts clearly to non-security stakeholders.


What Makes Someone a Strong Fit:


Candidates are likely to be successful if they:

  • Have hands-on product security experience with modern web application stacks deployed on AWS, GCP, or Azure .
  • Have a track record of finding real-world issues in:
  • Web/mobile apps
  • APIs and backend systems
  • Cloud infrastructure and configuration
  • Are comfortable discussing architecture, data flows, CI/CD pipelines, secure SDLC, IAM, IaC, serverless , etc.
  • Can write quick scripts/automation (any language) to validate assumptions or scale testing.
  • Know how to balance risk with business prioritiesa sense for when to push and when to offer options.
  • Propose pragmatic solutions instead of just identifying problems.
  • Collaborate effectively with strong engineering teams.
  • Are genuinely interested in security, research, and problem-solving.


Nice-to-Have Experience

  • Prior experience in high-performing product security teams at modern tech companies.
  • Security code review for Java, Kotlin, Go, Node.js, Python, React/React Native , etc.
  • Experience with:
  • Kubernetes security
  • Secrets management
  • Multi-tenant SaaS security
  • Privacy/security by design for data-heavy systems

Contributions to open-source security tools, security research, or responsible disclosure programs.

Services you might be interested in

Improve Your Resume Today

Boost your chances with professional resume services!

Get expert-reviewed, ATS-optimized resumes tailored for your experience level. Start your journey now.

getmereferred logo Know more