Job Title

Job Title: Product Security Engineer Location: Bangalore, KarnatakaDuration: Long-Term Contract Client: TEKION Company Overview:Fluidech is a technology consulting and managed services firm focused on cybersecurity.Founded in 2014 and headquartered in Gurugram—and today with a client base spanning over 100 organisations worldwide—Fluidech designs IT solutions aligned with business objectives, fostering trusted relationships and delivering measurable performance improvements.Established as a born-in-the-cloud company, Fluidech has evolved into a trusted technology partner that helps businesses build (Cloud & Infrastructure), automate (DevOps), and secure (Cyber Security services). Our solutions span diverse industry verticals, aligned with each client’s business goals.In addition to holding ISO 9001 and ISO 27001 certifications and an award-winning cybersecurity team, the company has a strong value proposition in its GRC services across frameworks, including but not limited to NCIIPC’s CAF, SEBI’s CSCRF, and others.Position Overview We’re expanding our product security function to support fast-moving engineering teams building cloud-native web applications. Our developers ship quickly, experiment often, and work across a variety of stacks. Security’s role is to provide guardrails—not roadblocks—so teams can move fast and safely.We’re looking for strong Product Security Engineers who can partner deeply with engineering and help raise the security bar across our products, platform, and underlying cloud infrastructure. What You’ll Work On:Product & Application Security Perform security reviews of web/mobile apps, microservices, and APIs.Conduct threat modelling (DFDs, architecture reviews, screen flows) for new and existing features.Work with engineering teams to design and implement secure patterns in a cloud native environment.Secure SDLC & DevSecOps Embed security into CI/CD pipelines (SAST, DAST, SCA, container and IaC scanning). Help design, tune, and maintain security tooling (open source, commercial, and in-house).“Shift left” by building reusable guardrails, templates, and developer-friendly checks.Application & Infrastructure Testing Perform hands-on vulnerability assessments and penetration testing for web/mobile/IoT components and backend services.Hunt for vulnerabilities in REST/gRPC APIs, authN/authZ flows, and multi-tenant architectures.Build scripts/automation to find “boring but important” bugs at scale.Cloud & Platform Security Review and improve the security of cloud accounts, IAM, network boundaries, and storage.Collaborate with infra/platform teams to harden Kubernetes, serverless (lambdas/functions), and other PaaS components.Define and validate baseline configurations, policies, and detection guardrails.Collaboration, Enablement Work closely with developers and tech leads to prioritise and remediate issues pragmatically.Communicate security concepts clearly to non-security stakeholders.What Makes Someone a Strong Fit:Candidates are likely to be successful if they: Have hands-on product security experience with modern web application stacks deployed on AWS, GCP, or Azure.Have a track record of finding real-world issues in:Web/mobile apps APIs and backend systems Cloud infrastructure and configuration Are comfortable discussing architecture, data flows, CI/CD pipelines, secure SDLC, IAM, IaC, serverless, etc.Can write quick scripts/automation (any language) to validate assumptions or scale testing.Know how to balance risk with business priorities—a sense for when to push and when to offer options.Propose pragmatic solutions instead of just identifying problems.Collaborate effectively with strong engineering teams.Are genuinely interested in security, research, and problem-solving.Nice-to-Have Experience Prior experience in high-performing product security teams at modern tech companies.Security code review for Java, Kotlin, Go, Node.js, Python, React/React Native, etc.Experience with: Kubernetes securitySecrets managementMulti-tenant SaaS securityPrivacy/security by design for data-heavy systemsContributions to open-source security tools, security research, or responsible disclosure programs.