About this Security Engineer role at Weekday AI
This role is for one of the Weekday's clients
Min Experience: 6+ years
Location: Bengaluru
JobType: full-time
We are looking for an experienced Security Engineer to join our engineering team and play a critical role in building secure, resilient, and scalable products. In this role, you will work closely with software engineers, DevOps, infrastructure, and product teams to embed security into every stage of the software development lifecycle. You will be responsible for identifying security risks, implementing preventive controls, conducting security assessments, and ensuring that applications and infrastructure meet modern security standards.
The ideal candidate has extensive hands-on experience in Product Security, with a deep understanding of application security principles, secure software development practices, vulnerability management, and security automation. Experience with Threat Modeling is highly desirable and will be valuable in proactively identifying and mitigating security risks during the design and development phases.
Requirements
Key Responsibilities
- Design, implement, and maintain product security strategies across the software development lifecycle.
- Collaborate with engineering teams to integrate security best practices into application architecture, development, testing, and deployment.
- Conduct comprehensive security assessments, code reviews, and vulnerability analyses for web, mobile, and backend applications.
- Identify, prioritize, and remediate security vulnerabilities using industry-standard tools and methodologies.
- Develop secure coding guidelines and educate engineering teams on security best practices.
- Implement and manage security controls, authentication mechanisms, encryption standards, and access management solutions.
- Automate security testing within CI/CD pipelines, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and container security scanning.
- Monitor security alerts, investigate incidents, and coordinate remediation efforts with relevant stakeholders.
- Perform security reviews for APIs, cloud infrastructure, and microservices-based architectures.
- Ensure compliance with industry security standards and frameworks such as OWASP Top 10, CWE, NIST, ISO 27001, and SOC 2.
- Partner with cross-functional teams to improve overall security posture and reduce organizational risk.
- Stay updated with emerging threats, vulnerabilities, and security technologies to continuously improve security practices.
Required Qualifications
- Bachelor's or Master's degree in Computer Science, Information Security, Cybersecurity, or a related field.
- 6–9 years of professional experience in information security, application security, or product security engineering.
- Strong expertise in Product Security and secure software development practices.
- Hands-on experience identifying and mitigating application security vulnerabilities.
- Deep understanding of authentication, authorization, encryption, identity management, and secure communication protocols.
- Experience securing cloud-native applications running on AWS, Azure, or Google Cloud Platform.
- Strong knowledge of web application security, API security, container security, Kubernetes security, and modern software architectures.
- Experience using security tools such as Burp Suite, OWASP ZAP, Snyk, Checkmarx, Veracode, SonarQube, or similar platforms.
- Proficiency in one or more programming or scripting languages such as Python, Java, Go, JavaScript, or Bash.
- Strong analytical, troubleshooting, and problem-solving abilities with excellent communication skills.
Good-to-Have Skills
- Experience conducting Threat Modeling using methodologies such as STRIDE, PASTA, or Attack Trees.
- Knowledge of DevSecOps practices and security automation.
- Familiarity with Infrastructure as Code (Terraform, CloudFormation) security.
- Experience with penetration testing and red team assessments.
- Security certifications such as CISSP, CSSLP, GSEC, OSCP, GWAPT, or AWS Security Specialty.
- Experience working in Agile and cloud-native product development environments.