Product Security Engineer (GRC)

This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Product Security Engineer (GRC) based in India.

This role sits at the intersection of product security, compliance, and global regulatory assurance, supporting critical government certification programs across complex cloud and containerized environments. You will help ensure products meet stringent security and compliance standards such as FIPS, Common Criteria, and other international frameworks. The position involves close collaboration with engineering teams, auditors, and cross-functional stakeholders to embed security controls throughout the product lifecycle. You will contribute to the evolution of compliance automation, improving scalability and efficiency across global systems. The environment is highly technical, open-source driven, and deeply collaborative, with a strong emphasis on innovation and continuous improvement. This is a hands-on role where you will influence both engineering practices and compliance strategy in a rapidly evolving global security landscape.

• Drive security and compliance for systems supporting government certification programs, including standards such as FIPS, Common Criteria, and ITSAR.
• Collaborate with engineering teams and third-party auditors to support and lead technical discussions related to compliance requirements.
• Contribute to automation initiatives that improve compliance workflows, system maturity, and security control implementation.
• Support integration and security alignment of upstream open-source projects into enterprise-grade solutions.
• Research, evaluate, and recommend security tools, technologies, and practices for use in containerized and cloud-native environments.
• Act as a security and compliance advocate across internal teams and external open-source and partner ecosystems.

Requirements:

• Experience supporting or contributing to compliance audits such as ISO 27001, Common Criteria, ITSAR, or similar regulatory frameworks.
• Strong understanding of cloud security principles and secure system design in distributed environments.
• Knowledge of cryptographic modules and how they operate within secure systems.
• Hands-on experience securing cloud environments and supporting compliance-driven engineering efforts.
• Strong communication skills with the ability to explain technical compliance concepts to both technical and non-technical stakeholders.
• Experience working independently in remote or self-directed environments with strong ownership mindset.
• Familiarity with automation, scripting, or programming languages such as Python, Go, or XML is a plus.
• Exposure to cloud platforms (AWS, Azure) and container technologies such as Kubernetes or OpenShift is a plus.
• Experience with AI-assisted development tools and an openness to leveraging AI to improve productivity and decision-making.

Benefits:

• Competitive compensation package aligned with senior-level security engineering roles.
• Flexible remote-friendly work culture across India with hybrid options depending on location.
• Comprehensive medical, dental, and wellness coverage.
• Opportunities to work on global-scale open-source security and compliance initiatives.
• Learning and development support for technical certifications and professional growth.
• Inclusive and collaborative work environment grounded in open-source principles.
• Flexible working arrangements supporting work-life balance and autonomy.