Job Title

Senior Product Security Engineer (AWS / DevSecOps / SSDLC)Location: Chennai, IndiaType: Full-timeIndustry: Healthcare Technology / CybersecurityUrgent Hiring | Immediate Joiners PreferredWe are hiring a Senior Product Security Engineer to help build and mature our Product Security and DevSecOps function across a healthcare technology environment running on AWS.This is not a generic DevOps role.We need someone who understands how products are built, can implement a practical Secure SDLC, improve DevOps and DevSecOps maturity, and help establish security operations and controls across AWS and across each digital product.You will work closely with engineering, DevOps, cloud, and leadership teams to embed security into the full product lifecycle, from design and development through deployment, monitoring, and response.This role is a foundational hire and will help shape what will become our DevSecOps team.What you will doLead the implementation and maturation of the Secure Software Development Lifecycle (SSDLC) across digital productsEmbed security controls into CI/CD pipelines and engineering workflowsPartner with product, engineering, and DevOps teams to move from traditional DevOps to DevSecOpsDefine and implement application security controls including:- SAST- DAST- SCA / dependency scanning- secrets scanning- IaC scanning- container and image securityEstablish practical security gates, release controls, exception handling, and remediation workflowsDrive threat modeling, secure design reviews, and secure coding practices for product teamsImprove AWS security posture across product and platform environments, including:- IAM- logging and monitoring- encryption- secrets management- configuration baselines- vulnerability management- runtime visibilityHelp implement SecOps capabilities for product environments, including security findings triage, remediation tracking, product-relevant monitoring, and incident coordinationPartner with compliance and leadership teams to align security controls to SOC 2, HITRUST, HIPAA, and GDPRSupport audit readiness by helping define controls, evidence processes, and repeatable security operationsHelp create the standards, processes, and technical foundation for a growing DevSecOps teamWhat we are looking for7+ years of experience in Product Security, Application Security, DevSecOps, or Security EngineeringStrong experience in AWS security across cloud-native or SaaS environmentsProven experience implementing or maturing SSDLC / Secure SDLCStrong understanding of modern software development and product delivery lifecyclesHands-on experience integrating security into CI/CD pipelinesExperience with one or more of the following:- SAST- DAST- SCA- secrets scanning- IaC scanning- container security- runtime/cloud security toolingStrong working knowledge of:- AWS IAM- VPC / network security- CloudTrail / CloudWatch- Security Hub- GuardDuty- Inspector- Macie- KMS / encryption- secrets managementExperience building or improving vulnerability management and remediation workflows for product teamsAbility to work directly with developers and DevOps engineers to make security practical and adoptableExperience supporting regulated environments and security frameworks such as ISO 27001, SOC 2, HITRUST, HIPAA, and GDPRStrong communication skills and the ability to influence engineering teamsStrongly preferredExperience in healthcare, healthcare SaaS, or other regulated product environmentsExperience with threat modeling, secure architecture reviews, and product security reviewsExperience creating security standards, engineering guardrails, and measurable DevSecOps processesExperience helping stand up or scale a Product Security / DevSecOps functionWhy this role mattersThis is a high-impact role for someone who wants to build, not just maintain.You will help shape how security is implemented across our products, AWS environment, development lifecycle, and compliance program. You will have a direct hand in improving engineering maturity, reducing product risk, and building the foundation for a long-term DevSecOps capability.Immediate hire only. Immediate joiners or candidates with short notice periods will be strongly preferred.