Sr Security Engineer - Product Security

Job Position

• Senior Security Engineer – Product Security
• Location: Bangalore, Karnataka
• Experience: 6–8 Years
• Department: Information Security
• Employment Type: Full-Time

Overview

Ecolab’s Information Security team is seeking a Senior Security Engineer with strong expertise in Product Security to lead and enhance secure software development practices across the organization. This role focuses on integrating security into the Software Development Lifecycle (SDLC), identifying and mitigating application vulnerabilities, and guiding development teams on secure coding and architecture. The ideal candidate will have hands-on experience in application security, penetration testing, secure code reviews, and AI/LLM security.

Minimum Qualification

• Bachelor’s degree in computer science, information technology or related discipline.
• 6 - 8 years of experience in the Product Security domain.

Roles And Responsibilities

• Conduct Product Security Risk Assessments for Mobile, Web, API, and IoT applications.
• Perform and remediate findings from SAST, DAST, and manual penetration testing.
• Simulate attacks and generate detailed vulnerability reports.
• Collaborate with internal teams for automated and manual security testing.
• Review software applications for potential security flaws.
• Guide engineering teams on secure development practices and remediation strategies.
• Deliver secure coding training to development and engineering teams.
• Perform secure source code reviews and recommend mitigation strategies.
• Act as a technical liaison for CI/CD and DevSecOps integration.
• Automate security processes and integrate them into development pipelines.
• Stay updated on emerging threats, vulnerabilities, and countermeasures.
• Build and maintain strong relationships with stakeholders and business partners.

Technical Skills & Expertise

Must-Have Skills

• Strong expertise in OWASP Top 10, CWE Top 25, and data protection principles.
• Solid understanding of application architecture in multi-cloud and hybrid environments.
• Hands-on experience with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Container Security, and manual penetration testing.
• Proficiency in interpreting and writing code in Python, JavaScript/TypeScript, Java, C# (.NET), and Apex.
• Deep knowledge of software vulnerabilities, secure design patterns, and threat mitigation strategies.
• Experience integrating security into CI/CD pipelines and Developers workflows.
• Strong working knowledge of Web Application Firewall (WAF) technologies

Nice-To-Have Skills

• Familiarity with OWASP Top 10 for LLMs and emerging AI security frameworks.
• Understanding of Prompt Injection, Data Poisoning, and Model Theft threats.
• Experience securing AI APIs, ML pipelines, and LLM-based applications.
• Knowledge of API Security, Infrastructure as Code (IaC) Security, and Secrets Management.
• Experience in Threat Modelling and Attack Simulation techniques

Security Tools & Technologies

• Web Application Firewalls (WAF): Fastly, Cloudflare, Akamai.
• Security Scanners: Checkmarx, Snyk, Veracode, Qualys, Burp Suite, Wiz, Postman

Certification

• Certified Ethical Hacker (CEH)
• Certified Application Security Engineer (CASE .NET / CASE Java)
• Azure/AWS/Google Cloud Security Engineer