Product Security Engineer-Lead

Summary

Join Smarsh as a Product Security Engineer and contribute to secure development across engineering teams. You will identify and mitigate product risks through security reviews, tooling improvements, and vulnerability remediation. Collaborate with senior engineers and cross-functional teams to integrate security into the software development lifecycle. This role requires a security-minded engineer comfortable working in a global, dynamic, and fast-paced environment. You will embed security in every phase of software development, from design to deployment. Smarsh offers a competitive salary and benefits package.

Requirements

• 7+ years of experience in Product Security, Application Security, or a related security engineering role
• Deep expertise in secure software development, secure coding practices, and OWASP Top 10 / CWE 25
• Strong technical proficiency in modern programming languages (e.g., Python, Java, JavaScript, Go, or C#)
• Experience with cloud-native security (AWS, Azure, GCP) and securing containerized environments (Docker, Kubernetes)
• Proficiency in security testing tools such as Burp Suite, Endor, Semgrep, etc
• Strong background in network security, including firewalls, IDS/IPS, VPNs, and secure network design
• Hands-on experience with CI/CD security automation (GitHub Actions, Jenkins, GitLab CI, etc.)
• Familiarity with infrastructure-as-code security (Terraform, CloudFormation) and cloud security posture management
• Strong understanding of identity & access management (OAuth, OIDC, SAML, JWT) and API security
• Knowledge of industry frameworks like NIST, ISO 27001, and SOC 2
• Experience driving developer enablement and security training initiatives
• Excellent communication and collaboration skills to engage with engineering, product, and leadership teams

Responsibilities

• Secure SDLC Integration: Embed security within the software development lifecycle, ensuring security is considered at every phase—from design to deployment
• Threat Modeling & Security Design Reviews: Conduct structured threat modeling and security assessments for new features, architectures, and services
• Vulnerability Management & Remediation: Work closely with engineering teams to identify and remediate vulnerabilities from SAST, DAST, SCA, container security, and cloud security scans
• Code & Architecture Review: Conduct secure code reviews and architectural security assessments to identify risks early in the development process
• Automation & Tooling: Enhance security automation capabilities by integrating security testing tools into CI/CD pipelines
• Penetration Testing & Red Teaming: Facilitate internal and external penetration testing activities, helping to triage and remediate findings
• Security Champion Enablement: Collaborate with engineering teams to build security awareness and develop a network of Security Champions
• Incident & Response Readiness: Support Smarsh SOC and security incident response, including root cause analysis and post-mortem reviews for your product(s)
• Security Compliance & Governance: Ensure alignment with regulatory requirements (SOC 2, ISO 27001, etc.) and support audit activities

Preferred Qualifications

• Security certifications such as OSCP, GIAC (GWEB, GWAPT, GCSA), CISSP, or CSSLP
• Experience working in SaaS, multi-tenant cloud environments
• Knowledge of machine learning security (AI/ML model risks, LLM security best practices)
• Familiarity with attack surface management and threat intelligence

Benefits

• A competitive salary along with company bonus
• Strong maternity and paternity scheme
• A workplace pension scheme
• Take what you need holiday package
• Private medical insurance
• Dental plan
• Group life assurance
• Group income protection
• Employee assistance programme
• A monthly wellness allowance
• Adoption assistance
• Stock options