Skip to main content

Software Product Security Engineer

DATAMAZE . AI

DubaiOn-siteFull-Time5d ago

Description

Hyderabad, India / Dubai, UAE

Full-time

Apply to Job

About The Role We are seeking a Software Product Security Engineer to ensure security across the lifecycle of our web-based product. This role focuses on embedding security practices into the design, development, implementation, and integration phases while addressing the unique challenges of delivering our product as Application as a Service (AaaS) and Software as a Service (SaaS).

As a key contributor, you will define and implement security measures for the product, including integrations such as Single Sign-On (SSO), Identity and Access Management (IAM), and other third-party systems. You will ensure secure configurations for protocols like SSL, manage web application security headers (e.g., CORS), and evaluate all security aspects of product deployments. If you have a passion for securing modern web applications in dynamic environments, this role is a perfect fit!

Key Responsibilities

  • Security by Design: Work with product and engineering teams to design secure architectures for web-based applications and integrations.
  • Product Security Evaluation: Assess and implement security measures specific to AaaS and SaaS models, including encryption, data protection, and tenant isolation.
  • Single Sign-On and IAM: Integrate and secure authentication solutions like Single Sign-On (SSO), IAM frameworks, and third-party identity providers (e.g., Okta, Azure AD).
  • Web Application Security: Implement and manage security protocols such as SSL/TLS, and enforce secure practices for web headers like CORS, Content-Security-Policy, and others.
  • Vulnerability Management: Identify, prioritize, and remediate security vulnerabilities in the product through manual and automated methods.
  • Threat Modeling: Conduct threat modeling and risk assessments for product components and integrations.
  • Security Best Practices: Develop secure coding standards and guide engineering teams in adhering to them.
  • Automation: Build and maintain automation scripts for testing security configurations in CI/CD pipelines.
  • Monitoring and Incident Response: Collaborate with security operations to monitor and respond to security incidents related to the product.
  • Compliance and Documentation: Ensure the product complies with security standards such as SOC 2, ISO 27001, or PCI-DSS. Document security policies, practices, and configurations.

Qualifications Education: Bachelor’s degree in Computer Science, Cybersecurity, Software Engineering, or a related field (or equivalent experience).

Technical Skills

  • Strong understanding of security for AaaS and SaaS models, including multi-tenancy and data segregation.
  • Experience with web application security protocols, including SSL/TLS, OAuth, SAML, and OpenID Connect.
  • Familiarity with IAM and SSO providers like Okta, Azure AD, or similar.
  • Proficiency in securing web technologies, including handling CORS, CSRF, XSS, and SQL Injectionvulnerabilities.
  • Hands-on experience with security tools (e.g., OWASP ZAP, Burp Suite) and DevSecOps integration into CI/CD pipelines.
  • Strong knowledge of secure coding practices and encryption standards.
  • Proficiency in scripting or programming languages such as Python, JavaScript, or Java.
  • Familiarity with cloud environments like AWS, Azure, or Google Cloud and their native security tools.

Experience

  • 3–5 years of experience in application security, software development, or product security engineering.
  • Proven track record of securing web-based products in a SaaS or AaaS environment.
  • Hands-on experience with securing product integrations, including APIs and third-party services.

Soft Skills

  • Strong problem-solving and analytical thinking abilities.
  • Excellent communication skills, with the ability to explain complex security concepts to non-technical stakeholders.
  • Collaborative mindset and the ability to work ef

More jobs in Dubai