We're hiring a hands-on Product Security Engineer to secure modern, cloud-native platforms at a large-scale financial services environment. You'll own product and application security end-to-end, embedding controls into the Secure SDLC , automating security in CI/CD , and partnering directly with engineers to reduce real-world risk across services, APIs, and supply chains. What you'll work on: Secure SDLC ownership: design reviews, threat modelling, release criteria AppSec automation: SAST, DAST, SCA, secrets, IaC/container security Security code reviews (authn/authz, crypto, sessions, data protection, business logic) API security (OAuth/OIDC, token handling, schema validation, rate limiting, abuse prevention) Dependency & supply-chain security ( SCA, SBOMs, provenance ) Vulnerability life cycle: triage, SLAs, metrics, and targeted exploit validation You should have: 6+ years in Product/Application Security Strong OWASP Web & API risk knowledge and modern attack paths Experience securing microservices, containers, CI/CD pipelines Ability to read and review Back End code (Java, Go, Python, Node.js, etc.) A practical, engineering-first security mindset High-impact ...