Job Description
Job Title: Product Security Engineer
Location: Bangalore, Karnataka
Duration: Long-Term Contract
Company Overview:
- FLUIDECH, an ESCONET group company and a deemed public company, is a technology consulting and managed services firm specialising in cybersecurity.
- Founded in 2014 and headquartered in Gurugram—and today with a client base spanning over 100 organisations worldwide—Fluidech designs IT solutions aligned with business objectives, fostering trusted relationships and delivering measurable performance improvements.
- Established as a born-in-the-cloud company, Fluidech has evolved into a trusted technology partner that helps businesses build (Cloud & Infrastructure), automate (Dev Ops), and secure (Cyber Security services). Our solutions span diverse industry verticals, aligned with each client’s business goals.
- In addition to holding ISO 9001 and ISO 27001 certifications and an award-winning cybersecurity team, the company has a strong value proposition in its GRC services across frameworks, including but not limited to NCIIPC's CAF, SEBI's CSCRF, and others.
Position Overview
- We’re expanding our product security function to support fast-moving engineering teams building cloud-native web applications. Our developers ship quickly, experiment often, and work across a variety of stacks. Security’s role is to provide guardrails—not roadblocks—so teams can move fast and safely.
- We’re looking for strong Product Security Engineers who can partner deeply with engineering and help raise the security bar across our products, platform, and underlying cloud infrastructure.
What You’ll Work On:
Product & Application Security
- Perform security reviews of web/mobile apps, microservices, and APIs.
- Conduct threat modelling (DFDs, architecture reviews, screen flows) for new and existing features.
- Work with engineering teams to design and implement secure patterns in a cloud native environment.
Secure SDLC & Dev Sec Ops
- Embed security into CI/CD pipelines (SAST, DAST, SCA, container and Ia C scanning).
- Help design, tune, and maintain security tooling (open source, commercial, and in-house).
- “Shift left” by building reusable guardrails, templates, and developer-friendly checks.
Application & Infrastructure Testing
- Perform hands-on vulnerability assessments and penetration testing for web/mobile/Io T components and backend services.
- Hunt for vulnerabilities in REST/g RPC APIs, auth N/auth Z flows, and multi-tenant architectures.
- Build scripts/automation to find “boring but important” bugs at scale.
Cloud & Platform Security
- Review and improve the security of cloud accounts, IAM, network boundaries, and storage.
- Collaborate with infra/platform teams to harden Kubernetes, serverless (lambdas/functions), and other Paa S components.
- Define and validate baseline configurations, policies, and detection guardrails.
Collaboration, Enablement
- Work closely with developers and tech leads to prioritise and remediate issues pragmatically.
- Communicate security concepts clearly to non-security stakeholders.
What Makes Someone a Strong Fit:
Candidates are likely to be successful if they:
- Have hands-on product security experience with modern web application stacks deployed on AWS, GCP, or Azure.
- Have a track record of finding real-world issues in:
- Web/mobile apps
- APIs and backend systems
- Cloud infrastructure and configuration
- Are comfortable discussing architecture, data flows, CI/CD pipelines, secure SDLC, IAM, Ia C, serverless, etc.
- Can write quick scripts/automation (any language) to validate assumptions or scale testing.
- Know how to balance risk with business priorities—a sense for when to push and when to offer options.
- Propose pragmatic solutions instead of just identifying problems.
- Collaborate effectively with strong engineering teams.
- Are genuinely interested in security, research, and problem-solving.
Nice-to-Have Experience
- Prior experience in high-performing product security teams at modern tech companies.
- Security code review for Java, Kotlin, Go, Node.js, Python, React/React Native, etc.
- Experience with:
- Kubernetes security
- Secrets management
- Multi-tenant Saa S security
- Privacy/security by design for data-heavy systems
Contributions to open-source security tools, security research, or responsible disclosure programs.
Location: Bangalore, Karnataka
Duration: Long-Term Contract
Company Overview:
- FLUIDECH, an ESCONET group company and a deemed public company, is a technology consulting and managed services firm specialising in cybersecurity.
- Founded in 2014 and headquartered in Gurugram—and today with a client base spanning over 100 organisations worldwide—Fluidech designs IT solutions aligned with business objectives, fostering trusted relationships and delivering measurable performance improvements.
- Established as a born-in-the-cloud company, Fluidech has evolved into a trusted technology partner that helps businesses build (Cloud & Infrastructure), automate (Dev Ops), and secure (Cyber Security services). Our solutions span diverse industry verticals, aligned with each client’s business goals.
- In addition to holding ISO 9001 and ISO 27001 certifications and an award-winning cybersecurity team, the company has a strong value proposition in its GRC services across frameworks, including but not limited to NCIIPC's CAF, SEBI's CSCRF, and others.
Position Overview
- We’re expanding our product security function to support fast-moving engineering teams building cloud-native web applications. Our developers ship quickly, experiment often, and work across a variety of stacks. Security’s role is to provide guardrails—not roadblocks—so teams can move fast and safely.
- We’re looking for strong Product Security Engineers who can partner deeply with engineering and help raise the security bar across our products, platform, and underlying cloud infrastructure.
What You’ll Work On:
Product & Application Security
- Perform security reviews of web/mobile apps, microservices, and APIs.
- Conduct threat modelling (DFDs, architecture reviews, screen flows) for new and existing features.
- Work with engineering teams to design and implement secure patterns in a cloud native environment.
Secure SDLC & Dev Sec Ops
- Embed security into CI/CD pipelines (SAST, DAST, SCA, container and Ia C scanning).
- Help design, tune, and maintain security tooling (open source, commercial, and in-house).
- “Shift left” by building reusable guardrails, templates, and developer-friendly checks.
Application & Infrastructure Testing
- Perform hands-on vulnerability assessments and penetration testing for web/mobile/Io T components and backend services.
- Hunt for vulnerabilities in REST/g RPC APIs, auth N/auth Z flows, and multi-tenant architectures.
- Build scripts/automation to find “boring but important” bugs at scale.
Cloud & Platform Security
- Review and improve the security of cloud accounts, IAM, network boundaries, and storage.
- Collaborate with infra/platform teams to harden Kubernetes, serverless (lambdas/functions), and other Paa S components.
- Define and validate baseline configurations, policies, and detection guardrails.
Collaboration, Enablement
- Work closely with developers and tech leads to prioritise and remediate issues pragmatically.
- Communicate security concepts clearly to non-security stakeholders.
What Makes Someone a Strong Fit:
Candidates are likely to be successful if they:
- Have hands-on product security experience with modern web application stacks deployed on AWS, GCP, or Azure.
- Have a track record of finding real-world issues in:
- Web/mobile apps
- APIs and backend systems
- Cloud infrastructure and configuration
- Are comfortable discussing architecture, data flows, CI/CD pipelines, secure SDLC, IAM, Ia C, serverless, etc.
- Can write quick scripts/automation (any language) to validate assumptions or scale testing.
- Know how to balance risk with business priorities—a sense for when to push and when to offer options.
- Propose pragmatic solutions instead of just identifying problems.
- Collaborate effectively with strong engineering teams.
- Are genuinely interested in security, research, and problem-solving.
Nice-to-Have Experience
- Prior experience in high-performing product security teams at modern tech companies.
- Security code review for Java, Kotlin, Go, Node.js, Python, React/React Native, etc.
- Experience with:
- Kubernetes security
- Secrets management
- Multi-tenant Saa S security
- Privacy/security by design for data-heavy systems
Contributions to open-source security tools, security research, or responsible disclosure programs.
Apply for this Position
Ready to join ? Click the button below to submit your application.
Submit Application