Product Security Engineer

Perforce · Pune, Maharashtra

Position Summary:

As a Product Security Engineer, you will partner closely with developers to identify, triage, and drive remediation of security vulnerabilities across our products.

This hands-on role owns vulnerability triage across sources such as customer reports, security researchers, automated scanning tools, and penetration tests, and helps teams assess risk, prioritize fixes, and improve overall security posture.

You will also use AI tools to accelerate analysis, while supporting security reviews, threat modeling, and secure development practices across both the SDLC and emerging AI-assisted development workflows.

Success in this role requires strong attention to detail, curiosity to research new technologies, and effective collaboration with development teams. You will provide clear, actionable security feedback that helps teams improve efficiency and outcomes. You’ll thrive here if you’re proactive, resourceful, and eager to learn, with a focus on enabling teams to build secure, resilient products.

Responsibilities:

Vulnerability Assessment & Remediation

Review and triage vulnerabilities from multiple sources including customer-reported issues, security researchers, automated scanning tools, and penetration testing results
Assess severity and potential impact, including CVEs and third-party component risks
Partner with developers to explain findings in clear terms, identify root causes, and drive timely remediation
Track and validate fixes
Developer Collaboration
- Work closely with engineering teams to integrate security into daily workflows
- Support developers in understanding secure coding practices and common vulnerability patterns
- Participate in security reviews and provide actionable feedback
- Threat Modeling & Security Reviews
  - Assist in threat modeling to identify potential risks early in the design phase
  - Support architecture and design reviews with a security perspective
  - Help ensure security is considered as part of feature development
  - Security in the SDLC/AIDLC
    - Contribute to integrating security into the SDLC and evolving AI-driven development processes (often referred to as AIDLC)
    - Help implement and improve secure development practices in CI/CD pipelines
    - Support adoption of security tools and ensure findings are actionable
    - AI-Assisted Security & Development
      - Use AI tools to improve vulnerability triage and analysis, accelerate security reviews and documentation, and identify patterns to reduce manual effort
      - Collaborate with engineering teams that are adopting AI-assisted development workflows
      - Continuously explore ways to use AI to improve security processes and efficiency

Requirements:

1-4 years of experience in product security, application security, or a related field

Basic understanding of common web and application vulnerabilities (e.g., OWASP Top 10)

Experience or strong interest in vulnerability triage and remediation workflows

Familiarity with at least one of the following:

Static or dynamic analysis tools
Software composition analysis (SCA)
Container or dependency scanning
Understanding of software development processes and working with developers
Strong problem-solving and analytical skills
Effective written and verbal communication skills
Experience using AI tools to improve workflows or processes
- Examples may include automating analysis, improving productivity, or enhancing development/security tasks

Preferred Qualifications:

Experience reviewing CVEs or working with vulnerability databases

Exposure to threat modeling or secure design practices

Familiarity with modern development environments (e.g., Git-based workflows, CI/CD)

Exposure to cloud environments (AWS, Azure, or GCP)

Security pay context

Based on 1,638 disclosed Security salaries on RoleSuite, the role pays a median of $142K/year, with most offers between $114K and $179K (10th–90th percentile: $92K–$215K).

See the full Security salary breakdown →

Apply →