Software Product Security Engineer
DATAMAZE . AI
Description
Hyderabad, India / Dubai, UAE
Full-time
About The Role
We are seeking a Software Product Security Engineer to ensure security across the lifecycle of our web-based product. This role focuses on embedding security practices into the design, development, implementation, and integration phases while addressing the unique challenges of delivering our product as Application as a Service (AaaS) and Software as a Service (SaaS).
As a key contributor, you will define and implement security measures for the product, including integrations such as Single Sign-On (SSO), Identity and Access Management (IAM), and other third-party systems. You will ensure secure configurations for protocols like SSL, manage web application security headers (e.g., CORS), and evaluate all security aspects of product deployments. If you have a passion for securing modern web applications in dynamic environments, this role is a perfect fit!
Key Responsibilities
- Security by Design: Work with product and engineering teams to design secure architectures for web-based applications and integrations.
- Product Security Evaluation: Assess and implement security measures specific to AaaS and SaaS models, including encryption, data protection, and tenant isolation.
- Single Sign-On and IAM: Integrate and secure authentication solutions like Single Sign-On (SSO), IAM frameworks, and third-party identity providers (e.g., Okta, Azure AD).
- Web Application Security: Implement and manage security protocols such as SSL/TLS, and enforce secure practices for web headers like CORS, Content-Security-Policy, and others.
- Vulnerability Management: Identify, prioritize, and remediate security vulnerabilities in the product through manual and automated methods.
- Threat Modeling: Conduct threat modeling and risk assessments for product components and integrations.
- Security Best Practices: Develop secure coding standards and guide engineering teams in adhering to them.
- Automation: Build and maintain automation scripts for testing security configurations in CI/CD pipelines.
- Monitoring and Incident Response: Collaborate with security operations to monitor and respond to security incidents related to the product.
- Compliance and Documentation: Ensure the product complies with security standards such as SOC 2, ISO 27001, or PCI-DSS. Document security policies, practices, and configurations.
Qualifications
Education: Bachelor’s degree in Computer Science, Cybersecurity, Software Engineering, or a related field (or equivalent experience).
Technical Skills
- Strong understanding of security for AaaS and SaaS models, including multi-tenancy and data segregation.
- Experience with web application security protocols, including SSL/TLS, OAuth, SAML, and OpenID Connect.
- Familiarity with IAM and SSO providers like Okta, Azure AD, or similar.
- Proficiency in securing web technologies, including handling CORS, CSRF, XSS, and SQL Injection vulnerabilities.
- Hands-on experience with security tools (e.g., OWASP ZAP, Burp Suite) and DevSecOps integration into CI/CD pipelines.
- Strong knowledge of secure coding practices and encryption standards.
- Proficiency in scripting or programming languages such as Python, JavaScript, or Java.
- Familiarity with cloud environments like AWS, Azure, or Google Cloud and their native security tools.
Experience
- 3–5 years of experience in application security, software development, or product security engineering.
- Proven track record of securing web-based products in a SaaS or AaaS environment.
- Hands-on experience with securing product integrations, including APIs and third-party services.
Soft Skills
- Strong problem-solving and analytical thinking abilities.
- Excellent communication skills, with the ability to explain complex security concepts to non-technical stakeholders.
- Collaborative mindset and the ability to work ef