Product Security Engineer

Product Security Engineer

The Product Security Engineers work closely with engineering teams to secure our Pluralsight platform. They will work on various Secure SDL programs to help identify security threats and vulnerabilities on our platform. Provide recommendations to engineering teams on how to address the vulnerabilities.

Who You're Committed To Being:

You enjoy learning and are open to new ways of doing things.

You are not afraid to be yourself, experiment, make mistakes and learn from them, ask questions, or voice your concerns.

When communicating, you are self-aware, insightful, and proactive.

You are a team member first and individual contributor second. You are aware that high-performing teams are only as strong as their weakest link.

You believe in continuous improvement and request frequent feedback from others.

What You'll Do:

Support and enable engineering teams when performing and maintaining threat models and provide mentorship and guidance to engineers.

Use knowledge of common risks and vulnerabilities to guide engineering teams in building products.

Use and maintain security tooling and processes, such as SAST/DAST tools and vulnerability reporting.

Promote and develop a security aware mindset among teams.

Record and communicate vulnerability findings and keep records up to date.

Automated DevSecOps security checkpoints.

Collaborate with engineers through all phases of the SDLC.

Experience You'll Bring:

3+ years of professional experience in product security, working with SaaS application & Cloud security.

An engineering graduate with computer science or information technology background.

Strong analytical and problem-solving skills.

Good understanding of software development concepts and technologies.

Knowledge of programming languages such as JavaScript, Java, C#, and Python.

Experience with security tools and technologies such as Web Application Firewall, SAST, and DAST.

Experience in performing Penetration testing in identifying security vulnerabilities.

Knowledge on OWASP Top 10/SANS Top 25 vulnerabilities.

Experience communicating security threats and application vulnerabilities to technical and non-technical team members.

Requirements:

Any Security Certifications like CEH, OSCP will be a plus.

Understanding of AI and LLM models is preferred.

An individual with an aptitude to learn and grow.

Hybrid Work Model: This role follows a hybrid schedule, with on-site work at our Bangalore office two days per week, as agreed upon with your leader. This approach helps us collaborate more effectively, make decisions more quickly, and build a stronger culture, while still providing flexibility.

Why You'll Love Working Here:

We're a blended workplace, where team members work remotely or in a hybrid setup depending on their role and location.

We're mission-driven and values-guided.

We have a strong commitment to diversity and belonging.

We cultivate a culture of trust, autonomy, and collaboration.

We're lifelong learners and champion team member growth and advancement.

We've got you covered: team member benefits include competitive compensation packages, medical coverage, unlimited PTO, wellness reimbursements, Pluralsight subscription, professional development funds, and more.

About Us:

Pluralsight provides the only learning platform dedicated to accelerating the technology skills and capabilities of today's tech workforce. Thousands of companies, government organizations and individuals around the world rely on Pluralsight to support critical technology skill development in areas that are crucial to innovation including artificial intelligence, cloud computing, cybersecurity, software development, and machine learning. Pluralsight provides highly curated content developed by vetted technology experts, industry leading skill assessments, and hands on, immersive learning experiences designed to help individuals skill-up faster.