Job Summary :

We are seeking an experienced Product Security Engineer (5+ years) with mandatory expertise in PRE MARKET security testing on hardware or software. The ideal candidate will possess deep knowledge of threat modeling, secure coding, and DevSecOps practices within Windows .NET and Azure environments.

Key responsibilities include contributing to threat models and security risk documentation, serving as a subject matter expert for development teams, leveraging tools like Polaris/BlackDuck for SAST/DAST/SCA scanning and triage, and supporting compliance with regulatory requirements governing product security.

Key Responsibilities and Technical Deliverables :

Pre-Market Testing and Threat Modeling :

- Demonstrate mandatory Experience with PRE MARKET security testing on hardware or software, focusing on security assurance prior to product launch and deployment.

- Contribute to the development/maintenance of threat models (e.g., using methodologies like STRIDE) and product security risk documentation, aligning with Quality Management System (QMS) requirements and deliverables.

- Identify and consult on requirements to help address and mitigate security risks and vulnerabilities early in the Secure System Development Lifecycle (SSDLC).

DevSecOps, Analysis, and Remediation :

- Leverage Expertise in threat modelling, security risk management, secure coding, secure system development, and DevSecOps practices to integrate security seamlessly into the CI/CD pipeline.

- Utilize Strong experience with Polaris, BlackDuck, Synk, or similar tools to perform and triage SAST (Static Analysis Security Testing), DAST (Dynamic Analysis Security Testing), and SCA (Software Composition Analysis) scans.

- Collaborate with the team on security testing and security signals, providing technical guidance on vulnerability identification and efficient remediation.

- Apply Experience with security techniques, standards, and methods for authentication and authorization, applied cryptography, security vulnerabilities, and remediation within the primary technology stack.

Technology Environment and Compliance :

- Provide expertise in securing applications built in Windows .NET and Azure environments, addressing platform-specific security challenges.

- Serve as subject matter expert to the development teams, raising the level of security understanding and compliance through training and consultation on secure coding best practices.

- Support compliance with regulatory requirements, industry standards, and internal policies governing product security.

- Stay informed about new tools, regulations, standards, and best practices of the industry to drive continuous security improvement.

Mandatory Skills & Qualifications :

- Experience : 5 years experience in Software Security.

- Specialization : MUST HAVE EXPERIENCE WITH PRE MARKET SECURITY TESTING ON SOFTWARE.

- Expertise : Expertise in threat modelling, security risk management, secure coding, secure system development, and DevSecOps.

- Tools : Strong experience with Polaris, BlackDuck, Synk, or similar for SAST/DAST/SCA triage.

- Environment : Experience with security techniques and remediation in Windows .NET and Azure environments.

- Logistics : Ability to work a schedule until 10:30 PM IST.

Preferred Skills :

- Relevant security certifications (e.g., CSSLP, CISSP, CEH).

- Experience securing cloud-native services in Azure (e.g., Azure Key Vault, Azure Security Center).

- Knowledge of specific regulatory or industry standards for safety-critical systems.