Arrive - Senior Product Security Engineer

About us :

Arrive, including brands like EasyPark, Flowbird, RingGo, ParkMobile and Parkopedia, is a leading global mobility platform. Present in over 90 countries and 20,000 cities, the company helps people and decision-makers make smarter decisions about urban mobility and ease the experience of travel worldwide.

Arrive delivers a unique combination of the core ingredients to make cities more livable : from smart payments and optimized car parks to data- driven traffic reduction and support for reinvestment in public transport and green space.

As Arrive, we guide customers and communities towards brighter futures and more liveable cities. It isn't a challenge just anyone could take on. Luckily, we have something to help us make it happen: our people and our values. We Arrive Curious, Focused and Together. Just as our entire brand is inspired by the North Star, the shining light leading travellers to their destinations since time began, our values guide us. They help us be at our best. For our customers. For the cities and communities we serve. For ourselves. As a global team, we are transforming urban mobility. Let- ?'s grow better together.

Role Overview :

You will independently conduct security assessments across web applications, APIs, and cloud environments, while supporting secure development practices and contributing to improving overall product security maturity.

Key Responsibilities :

- Identify and validate vulnerabilities aligned with OWASP Top 10 and API Security Top 10.

- Perform threat modeling for new features and services.

- Conduct secure code reviews (static analysis) and recommend remediation.

- Validate findings from SAST, DAST, and dependency scanning tools.

- Provide remediation guidance and conduct fix verification testing.

- Participate in design reviews and architecture discussions from a security perspective.

Cloud & Infrastructure Security :

- Review IAM policies, storage access controls, and container security posture.

- Validate findings from CSPM/CNAPP tools.

- Support cloud-native application security assessments.

Vulnerability Management :

- Track remediation SLAs and support risk acceptance decisions.

- Provide actionable recommendations to development teams.

Security Testing & Automation :

- Develop scripts and tooling (Python/Bash) to automate testing workflows.

- Improve security testing playbooks and documentation.

- Contribute to enhancing detection and monitoring coverage.

Collaboration & Reporting :

- Translate technical findings into business-impact language.

- Work cross-functionally with DevOps, Cloud, and Engineering teams.

Required Skills :

- Hands-on experience conducting web and API penetration testing.

- Strong understanding of OWASP Top 10 and common attack vectors.

- Experience using tools such as Burp Suite, OWASP ZAP, Nmap, Snyk, Checkmarks, etc.

- Experience working with cloud platforms (AWS/Azure/GCP).

- Familiarity with container security and modern DevOps environments.

- Experience reviewing code for security issues.

- Strong understanding of HTTP, authentication mechanisms, and networking fundamentals.

- Basic scripting experience (Python, Bash, or similar).

Preferred Experience :

- Exposure to Kubernetes and container security testing.

- Familiarity with bug bounty or responsible disclosure programs.

- Experience implementing DevSecOps practices.

- Certifications such as CEH, Security+, eJPT, OSCP (nice to have).

Why Join Arrive?

- Work on global-scale payment systems impacting millions of users.

- Be part of a growing India engineering team with strong ownership.

- Collaborate with diverse, international teams.

- Opportunity to influence architecture, strategy and team growth.

- Build technology that directly improves urban mobility and sustainability.