Product Security Engineer
Bengaluru, Karnataka, India - Remote
Funding SocietiesWe specialise in short-term financing for SMEs, funded by individual and institutional investors.
Funding Societies | Modalku is the largest SME digital financing platform in Southeast Asia, expanding into a leading SME neobank. We are licensed and registered in Singapore, Indonesia, Thailand, Malaysia, and operating in Vietnam, and backed by Sequoia India, Softbank Vision Fund and SMBC bank amongst many others. Funding Societies | Modalku provides business financing to small and medium-sized enterprises (SMEs), which is funded by individual and institutional investors. And here at Funding Societies | Modalku we live by our core values:
- Serve with Obsession: Build win-win relationships for the long-term by having a customer obsession.
- Grow Relentlessly: Strive to become our best, most authentic selves.
- Enable Teamwork, Disable Politics: Only by forging togetherness, we help each other succeed.
- Test Measure Act: Stay curious and reinvent ourselves, through innovation and experimentation.
- Focus on Impact: Create impact through bias for action and tangible results.
Funding Societies is looking for a Product Security Engineer to join our growing Security team.
As a Product Security Engineer focused predominantly on Static Application Security Testing (SAST) and threat modelling, you will mainly be responsible for securing our software products. You will also be responsible for raising security awareness in our organisation. You will work with multiple stakeholders throughout the Software Development Life Cycle to identify security threats early and develop solutions to mitigate them. You would strengthen the existing security architecture reviews and manual / automated secure code reviews (SAST) capabilities in the team. You will also work with external security vendors and researchers in various security programs.
- Conduct design and secure architecture reviews.
- Conduct manual and automated secure code reviews.
- Conduct threat modelling and penetration testing.
- Manage security bugs, including working with the relevant stakeholders to get the security bugs fixed according to the service level agreement.
- Raise security awareness, primarily in Engineering teams, by conducting security awareness trainings, secure code review trainings and discussions.
- Develop security tools, including monitoring tools, and build custom integration with various third-party security tools.
- A degree in Computer Science, Software Engineering, Information System, or related fields.
- 3+ years of experience in Web/Mobile Application Security (secure code reviews and secure architecture reviews).
- Knowledge around existing threat modelling frameworks, such as STRIDE and PASTA. Threat modelling as Code.
- Be well-versed in microservices architecture and possess extensive experience in Product Security (web and mobile).
- Basic knowledge around Continuous Integration (CI) pipelines and platforms, such as CircleCI and GitHub actions.
- Extensive experience in threat modelling, vulnerability assessment, and penetration testing.
- Good security knowledge, preferably in web and mobile security.
- Good understanding about software design and architecture.
- Web/Mobile development background will be an added advantage.
- Basic knowledge around software composition analysis, supply chain security issues (dependency confusion), and Supply chain Levels for Software Artefacts (SLSA) levels will be an added advantage.
- Good communication skills, both written and verbal.
- Security certifications, such as OSWE (Advanced Web Attacks and Exploitation) will be an added advantage.
- Time off - We would love you to take time off to rest and rejuvenate. We offer flexible paid vacations as well as many other observed holidays by country. We also like to have our people take a day off for special days like birthdays and work anniversaries.
- Flexible Working - We believe in giving back the control of work & life to our people. We trust our people and love to provide the space to accommodate each and everyone's working style and personal life.
- Medical Benefits - We offer health insurance coverage for our employees and dependents. Our people focus on our mission knowing we have their back for their loved ones too.
- Mental Health and Wellness - We understand that our team productivity is directly linked to our mental and physical health. Hence we have Wellness Wednesdays and we engage partners to provide well-being coaching. And we have our Great FSMK Workout sessions too to keep everyone healthy and fit!
- Tech Support - We provide a company laptop for our employees and the best possible support for the right equipment/tools to enable high productivity
* Salary range is an estimate based on our salary survey 💰
Explore more InfoSec/Cybersecurity career opportunities
Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.
- Open SOC Analyst jobs
- Open Senior Security Operations Engineer jobs
- Open Staff Product Security Engineer jobs
- Open Senior SOC Analyst jobs
- Open Information Security Specialist jobs
- Open IT Security Engineer jobs
- Open Head of Information Security jobs
- Open Security Consultant jobs
- Open Lead Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Information System Security Officer (ISSO) jobs
- Open Infrastructure Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Staff Application Security Engineer jobs
- Open Senior Infrastructure Security Engineer jobs
- Open Sr. Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Engineer jobs
- Open IT Security Analyst jobs
- Open Senior Cybersecurity Engineer jobs
- Open Senior Security Analyst jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open Offensive Security Engineer jobs
- Open Senior Air Defense/BMD Subject Matter Expert jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open GCP-related jobs
- Open Governance-related jobs
- Open Network security-related jobs
- Open Risk assessment-related jobs
- Open SaaS-related jobs
- Open Forensics-related jobs
- Open ISO 27001-related jobs
- Open Malware-related jobs
- Open Vulnerability management-related jobs
- Open Java-related jobs
- Open Threat intelligence-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open Analytics-related jobs
- Open Cryptography-related jobs
- Open CISM-related jobs
- Open Kubernetes-related jobs
- Open DevSecOps-related jobs
- Open APIs-related jobs
- Open IAM-related jobs
- Open PowerShell-related jobs
- Open TCP/IP-related jobs
- Open CI/CD-related jobs