Offer summary

Qualifications:

5–9 years of experience in application security or product security roles., Proficient in web application security and secure coding practices., Hands-on experience with security tools and securing cloud environments., Strong understanding of compliance standards like SOC 2 and ISO 27001..

Key responsibilities:

Integrate security into the software development lifecycle (SDLC) and CI/CD pipelines.

Conduct threat assessments and define mitigation strategies for new features.

Perform application security audits and vulnerability assessments.

Collaborate with development teams to promote secure coding practices.

Job description

Sprinto is a leading platform that automates information security compliance. By raising the bar on information security, Sprinto ensures compliance, healthy operational practices, and the ability for businesses to grow and scale with unwavering confidence. We are a team of 300+ employees & helping 2500+ Customers across 75+ Countries. We are funded by top investment partners Accel, Elevation, and Blume Ventures and have raised 31.8 million USD in funding, including our latest Series B round.

The Role

We are looking for a Product Security Engineer to lead efforts in securing our products. This role involves integrating security into the SDLC, conducting threat assessments, and collaborating with engineering teams to ensure secure design and coding practices. You will also manage vulnerability remediation, ensure compliance, and educate teams on security best practices

What you will do

Secure SDLC Integration: Embed security into CI/CD pipelines and secure coding practices across development teams.

Threat Modeling & Risk Assessments: Perform threat assessments and define mitigation strategies for new features.

Application Security Audits: Conduct security reviews and vulnerability assessments for applications.

Security Design Reviews: Provide feedback on product designs to ensure security is built in from the start.

Vulnerability Management: Oversee vulnerability identification, prioritization, and remediation workflows.

Cross-Functional Collaboration: Work closely with development teams to promote secure coding and operational practices.

What We’re Looking For

5–9 years in application security, product security, or related roles.

Proficient in web application security (OWASP Top 10), secure coding practices, and vulnerability remediation.

Hands-on experience with security tools (SAST/DAST) and securing cloud environments.

Familiar with cloud security (AWS, Azure) and container security (Docker, Kubernetes).