Product Security Engineer (Devsec Ops) at Lenskart
Gurugram, haryana, India -
Full Time


Start Date

Immediate

Expiry Date

28 Mar, 26

Salary

0.0

Posted On

28 Dec, 25

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Application Security, Product Security, Threat Modeling, Static Analysis, Dynamic Analysis, Software Composition Analysis, CI/CD Integration, Cloud Security, Incident Response, Secure Coding Practices, Scripting, Container Security, Kubernetes Security, Infrastructure Security, DevSecOps, Security Orchestration

Industry

technology;Information and Internet

Description
We are looking for a Product Security Engineer with 3 to 5 years of hands-on experience in identifying, assessing, and mitigating security risks across our products and platforms. The ideal candidate will work closely with engineering, DevOps, and product teams to integrate security throughout the software development lifecycle (SDLC) and ensure the security of our applications and infrastructure. Key Responsibilities Conduct application security assessments, threat modeling, and code reviews for products and services. Perform static (SAST), dynamic (DAST), and software composition (SCA) analysis using modern tools. Collaborate with development teams to embed security controls in CI/CD pipelines. Review and enhance security architecture for web, mobile, and API-based applications. Work with DevOps teams to strengthen cloud security posture (AWS/GCP/Azure). Investigate and respond to product security incidents and vulnerability reports. Support bug bounty triage and coordinate fixes with engineering teams. Document and enforce secure coding practices and security guidelines. Participate in design and architecture reviews to ensure security-by-design principles. 3 to 5 years of experience in Application Security or Product Security roles. Strong knowledge of OWASP Top 10 Web, Mobile, API Security Top 10, and secure development practices. Experience in Infrastructure security ( External and Internal) Hands-on experience with tools like Burp Suite, ZAP, Check Marx, SonarQube, Veracode, GitLab Security, etc. Familiarity with CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins) and integrating security scans. Knowledge of cloud security (AWS, Azure, GCP) and exposure to IAM, KMS, and network controls. Scripting knowledge (Python, Bash, or PowerShell) for automating security tasks. Understanding of container and Kubernetes security concepts. Good to Have Experience with threat modeling (STRIDE, PASTA, etc.). Familiarity with infrastructure as code (Terraform, CloudFormation) security validation. Exposure to DevSecOps practices and security orchestration. Certifications such as CEH, OSCP, CSSLP, or AWS Security Specialty are a plus.
Responsibilities
The Product Security Engineer will conduct application security assessments, threat modeling, and code reviews while collaborating with various teams to integrate security throughout the software development lifecycle. They will also investigate product security incidents and support bug bounty triage.
Loading...