Senior Product Security Engineer (AWS / DevSecOps / SSDLC)

Senior Product Security Engineer (AWS / DevSecOps / SSDLC)

Location: Chennai, India

Type: Full-time

Industry: Healthcare Technology / Cybersecurity

Urgent Hiring | Immediate Joiners Preferred

We are hiring a Senior Product Security Engineer to help build and mature our Product Security and DevSecOps function across a healthcare technology environment running on AWS.

This is not a generic DevOps role.

We need someone who understands how products are built, can implement a practical Secure SDLC, improve DevOps and DevSecOps maturity, and help establish security operations and controls across AWS and across each digital product.

You will work closely with engineering, DevOps, cloud, and leadership teams to embed security into the full product lifecycle, from design and development through deployment, monitoring, and response.

This role is a foundational hire and will help shape what will become our DevSecOps team.

What you will do

• Lead the implementation and maturation of the Secure Software Development Lifecycle (SSDLC) across digital products
• Embed security controls into CI/CD pipelines and engineering workflows
• Partner with product, engineering, and DevOps teams to move from traditional DevOps to DevSecOps
• Define and implement application security controls including:

- SAST

- DAST

- SCA / dependency scanning

- secrets scanning

- IaC scanning

- container and image security

• Establish practical security gates, release controls, exception handling, and remediation workflows
• Drive threat modeling, secure design reviews, and secure coding practices for product teams
• Improve AWS security posture across product and platform environments, including:

- IAM

- logging and monitoring

- encryption

- secrets management

- configuration baselines

- vulnerability management

- runtime visibility

• Help implement SecOps capabilities for product environments, including security findings triage, remediation tracking, product-relevant monitoring, and incident coordination
• Partner with compliance and leadership teams to align security controls to SOC 2, HITRUST, HIPAA, and GDPR
• Support audit readiness by helping define controls, evidence processes, and repeatable security operations
• Help create the standards, processes, and technical foundation for a growing DevSecOps team

What we are looking for

• 7+ years of experience in Product Security, Application Security, DevSecOps, or Security Engineering
• Strong experience in AWS security across cloud-native or SaaS environments
• Proven experience implementing or maturing SSDLC / Secure SDLC
• Strong understanding of modern software development and product delivery lifecycles
• Hands-on experience integrating security into CI/CD pipelines
• Experience with one or more of the following:

- SAST

- DAST

- SCA

- secrets scanning

- IaC scanning

- container security

- runtime/cloud security tooling

• Strong working knowledge of:

- AWS IAM

- VPC / network security

- CloudTrail / CloudWatch

- Security Hub

- GuardDuty

- Inspector

- Macie

- KMS / encryption

- secrets management

• Experience building or improving vulnerability management and remediation workflows for product teams
• Ability to work directly with developers and DevOps engineers to make security practical and adoptable
• Experience supporting regulated environments and security frameworks such as ISO 27001, SOC 2, HITRUST, HIPAA, and GDPR
• Strong communication skills and the ability to influence engineering teams

Strongly preferred

• Experience in healthcare, healthcare SaaS, or other regulated product environments
• Experience with threat modeling, secure architecture reviews, and product security reviews
• Experience creating security standards, engineering guardrails, and measurable DevSecOps processes
• Experience helping stand up or scale a Product Security / DevSecOps function

Why this role matters

This is a high-impact role for someone who wants to build, not just maintain.

You will help shape how security is implemented across our products, AWS environment, development lifecycle, and compliance program. You will have a direct hand in improving engineering maturity, reducing product risk, and building the foundation for a long-term DevSecOps capability.

Immediate hire only. Immediate joiners or candidates with short notice periods will be strongly preferred.