Bestkaam Logo
Back to Jobs
FPL Technologies

Product Security Engineer

Actively Reviewing

FPL Technologies

Pune Full-Time 2–4 yrs exp Posted 6 hours ago  · Apply by Sep 14, 2026

Role: Product Security Engineer

Experience - 2-4 years in application security


We are looking for a hands-on Product Security Engineer with 2–4 years of experience to join our team. We are not just looking for someone to run scanners; we want an engineer who can bridge the gap between security and development. If you are passionate about building security automation, scaling DevSecOps practices, and finding clever ways to secure complex web, mobile, and cloud environments, we want to hear from you.

Job Description -

  • Architect and implement security automation frameworks (Python, Go, Bash) to streamline vulnerability detection across web and mobile platforms.
  • Engineer security controls within CI/CD pipelines to ensure automated gating and compliance at every SDLC stage.
  • Lead comprehensive threat modeling sessions to proactively identify architectural risks and provide actionable mitigation strategies.
  • Perform deep-dive secure code reviews (manual/automated) and full-spectrum penetration testing (black-box, grey-box, API, cloud-native) to identify vulnerabilities and drive remediation.
  • Champion a "security-by-design" mindset and DevSecOps culture, establishing best-in-class security standards across the organization.

Core Competencies & Skill Sets -

  • Expert knowledge of integrating SAST, DAST, and SCA tools into CI/CD workflows.
  • Proven ability to build custom tools for automated security testing and monitoring.
  • Comprehensive understanding of security requirements throughout the software development lifecycle.
  • Proficiency in methodologies such as STRIDE or PASTA to identify and mitigate business-critical risks.
  • Expertise in identifying vulnerabilities across web, mobile, and API surfaces using industry-standard tools and manual exploitation techniques.

Requirements-

  • 2–4 years of demonstrated success in application security, penetration testing, and cloud security environments.
  • Strong scripting/coding skills (e.g., Python, Go, Bash) specifically applied to security automation and tool integration.
  • Deep knowledge of security frameworks (OWASP, NIST) and their practical application in regulatory environments (GDPR, ISO 27001).
  • Hands-on experience with industry-standard security tools (Burp Suite, OWASP ZAP, Nmap) and securing cloud-native architectures (specifically AWS).
  • Proven understanding of secure SDLC practices and the ability to integrate automated security gates into CI/CD pipelines.
  • Strong analytical capabilities with the ability to communicate complex security risks effectively to both engineering and product stakeholders.