Product Security Engineer
Indexed description
Location - Chennai
Work Model - Work in Office
About Quvia
Quvia is building the digital fabric between edge and cloud. Our platform uses AI and machine learning to orchestrate connectivity across satellite, terrestrial, and hybrid networks so customers can move and manage data in the world's most network constrained environments.
We partner with global leaders in aviation, maritime, energy and other industries where connectivity is variable and complex, and digital services depend on reliable data movement. As companies deploy AI, automation and data-driven systems at the edge, Quvia provides the platform needed to unlock the full potential of their data and build value above the network.
Quvia is a fast growing, Series A company backed by Colombia Capital ($5B+ in fund commitments. It is headquartered in the greater Miami area with offices in the UK and India.
Learn more at
www.quvia.ai and
www.linkedin.com/company/quvia.
About The Role
We're seeking a Product Security Engineer to play a critical part in building and evolving Quvia’s security posture across our products' entire lifecycle. In this highly impactful role, you’ll partner with product management, engineering, and operations teams to assess product risks, define secure development standards, enforce security policies, and implement best practices to protect our products and, by extension, our customers' data and operations.
This is a hands-on role requiring a deep understanding of secure software development, application security frameworks, and cloud-native product architectures, with a strong emphasis on vulnerability mitigation and secure design principles. If you're a strategic thinker with a passion for building intrinsically secure products and a knack for embedding security into the DNA of software development, we encourage you to apply.
What You'll Do
- Security Architecture & Design Review: Collaborate with product and engineering teams to review designs and architectures for new features and products, identifying potential security risks and recommending appropriate controls and mitigations.
- Threat Modeling: Conduct threat modeling exercises for applications and systems to proactively identify and address potential security weaknesses.
- Security Code Review: Perform manual and automated security code reviews to identify vulnerabilities such as OWASP Top 10, common weaknesses (CWEs), and other security flaws.
- Vulnerability Management: Participate in the vulnerability management process, including triage, prioritization, and tracking of vulnerabilities identified through various sources (e.g., pen tests, bug bounties, internal scans).
- Security Testing: Work with QA and development teams to integrate security testing into the CI/CD pipeline, including static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA).
- Security Tooling & Automation: Evaluate, implement, and maintain security tools and technologies to improve the efficiency and effectiveness of our product security program. Develop automation scripts to streamline security tasks.
- Security Training & Awareness: Contribute to developing and delivering security training and awareness programs for engineering teams.
- Incident Response Support: Provide security expertise and support during security incidents related to products.
- Security Best Practices: Research and stay up-to-date with the latest security threats, vulnerabilities, and industry best practices. Evangelize and promote security-first development principles within the organization.
- Education: Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
- Experience: 5+ years of experience in product security, application security, or a similar role.
- Technical Skills:
- Strong understanding of application security principles, secure coding practices, and common web application vulnerabilities (e.g., OWASP Top 10).
- Proficiency in at least one programming language (e.g., Python, Java, Go, Node.js, C#) and the ability to review code for security flaws.
- Experience with security testing tools (SAST, DAST, SCA) and methodologies.
- Familiarity with cloud security principles and practices - AWS.
- Understanding of cryptographic principles and secure communication protocols.
- Experience with CI/CD pipelines and integrating security into the development lifecycle.
- Knowledge of common security frameworks and standards (e.g., NIST, ISO 27001) is a plus.
Quvia will never ask to interview job applicants via text message or ask for personal banking information as part of the interview process.
Quvia will never ask job applicants or new hires to send money or deposit checks for the company.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search