Job Description
Smarsh is seeking a Product Security Lead to embed security into the software development lifecycle. This role involves conducting threat modeling, security design reviews, and vulnerability management. The lead will also perform secure code reviews, architectural security assessments, and enhance security automation in CI/CD pipelines. Responsibilities include facilitating penetration testing, building security awareness through a Security Champion program, and supporting incident response readiness. The position also requires ensuring alignment with regulatory requirements like SOC 2 and ISO 27001, and supporting audit activities.
Good To Have:
- OSCP, GIAC, CISSP, or CSSLP certifications.
- Experience in SaaS environments.
- Knowledge of machine learning security.
- Familiarity with attack surface management.
Must Have:
- 8+ years in Product Security/AppSec.
- Expertise in secure SDLC, coding practices, OWASP Top 10.
- Proficiency in modern programming languages (Python, Java, JS, Go, C#).
- Experience with cloud-native security (AWS, Azure, GCP).
- Familiarity with CI/CD security automation.
- Strong understanding of IAM and API security.
- Excellent communication and collaboration skills.
Add these skills to join the top 1% applicants for this job
saas-business-models
communication
github
ethical-hacking
software-development-lifecycle-sdlc
security-testing
gitlab
c#
oauth
incident-response
jwt
aws
azure
threat-intelligence
terraform
burp-suite
cloud-security
ci-cd
docker
kubernetes
python
github-actions
javascript
jenkins
java
machine-learning
Who are we?
Smarsh empowers its customers to manage risk and unleash intelligence in their digital communications. Our growing community of over 6500 organizations in regulated industries counts on Smarsh every day to help them spot compliance, legal or reputational risks in 80+ communication channels before those risks become regulatory fines or headlines. Relentless innovation has fueled our journey to consistent leadership recognition from analysts like Gartner and Forrester, and our sustained, aggressive growth has landed Smarsh in the annual Inc. 5000 list of fastest-growing American companies since 2008.
Key Responsibilities
- Secure SDLC Integration: Embed security within the software development lifecycle, ensuring security is considered at every phase—from design to deployment.
- Threat Modeling & Security Design Reviews: Conduct structured threat modeling and security assessments for new features, architectures, and services.
- Vulnerability Management & Remediation: Work closely with engineering teams to identify and remediate vulnerabilities from SAST, DAST, SCA, container security, and cloud security scans.
- Code & Architecture Review: Conduct secure code reviews and architectural security assessments to identify risks early in the development process.
- Automation & Tooling: Enhance security automation capabilities by integrating security testing tools into CI/CD pipelines.
- Penetration Testing & Red Teaming: Facilitate internal and external penetration testing activities, helping to triage and remediate findings.
- Security Champion Enablement: Collaborate with engineering teams to build security awareness and develop a network of Security Champions.
- Incident & Response Readiness: Support Smarsh SOC and security incident response, including root cause analysis and post-mortem reviews for your product(s).
- Security Compliance & Governance: Ensure alignment with regulatory requirements (SOC 2, ISO 27001, etc.) and support audit activities
Qualifications & Experience
- 8 + years of experience in Product Security, Application Security, or a related security engineering role.
- Deep expertise in secure software development, secure coding practices, and OWASP Top 10 / CWE 25.
- Strong technical proficiency in modern programming languages (e.g., Python, Java, JavaScript, Go, or C#).
- Experience with cloud-native security (AWS, Azure, GCP) and securing containerized environments (Docker, Kubernetes).
- Proficiency in security testing tools such as Burp Suite, Endor, Semgrep, etc.
- Strong background in network security, including firewalls, IDS/IPS, VPNs, and secure network design.
- Hands-on experience with CI/CD security automation (GitHub Actions, Jenkins, GitLab CI, etc.).
- Familiarity with infrastructure-as-code security (Terraform, CloudFormation) and cloud security posture management.
- Strong understanding of identity & access management (OAuth, OIDC, SAML, JWT) and API security.
- Knowledge of industry frameworks like NIST, ISO 27001, and SOC 2.
- Experience driving developer enablement and security training initiatives.
- Excellent communication and collaboration skills to engage with engineering, product, and leadership teams.
Preferred Qualifications
- Security certifications such as OSCP, GIAC (GWEB, GWAPT, GCSA), CISSP, or CSSLP.
- Experience working in SaaS, multi-tenant cloud environments.
- Knowledge of machine learning security (AI/ML model risks, LLM security best practices).
- Familiarity with attack surface management and threat intelligence.
About our culture
Smarsh hires lifelong learners with a passion for innovating with purpose, humility and humor. Collaboration is at the heart of everything we do. We work closely with the most popular communications platforms and the world’s leading cloud infrastructure platforms. We use the latest in AI/ML technology to help our customers break new ground at scale. We are a global organization that values diversity, and we believe that providing opportunities for everyone to be their authentic self is key to our success. Smarsh leadership, culture, and commitment to developing our people have all garnered Comparably.com Best Places to Work Awards. Come join us and find out what the best work of your career looks like.
Set alerts for more jobs like Product Security Lead
Set alerts for new jobs by smarsh
Set alerts for new Product jobs in India
Set alerts for new jobs in India
Set alerts for Product (Remote) jobs
