Job Description
Job Title: Product Security Engineer
Location: Bangalore, Karnataka
Duration: Long-Term Contract
Client: TEKION
Company Overview:
Fluidech is a technology consulting and managed services firm focused on cybersecurity. Founded in 2014 and headquartered in Gurugram, and today with a client base spanning over 100 organisations worldwide, Fluidech designs IT solutions aligned with business objectives, fostering trusted relationships and delivering measurable performance improvements.
Established as a born-in-the-cloud company, Fluidech has evolved into a trusted technology partner that helps businesses build (Cloud & Infrastructure), automate (DevOps), and secure (Cyber Security services).
Our solutions span diverse industry verticals, aligned with each client’s business goals.
In addition to holding ISO 9001 and ISO 27001 certifications and an award-winning cybersecurity team, the company has a strong value proposition in its GRC services across frameworks, including but not limited to NCIIPC’s CAF, SEBI’s CSCRF, and others.
Position Overview
We’re expanding our product security function to support fast-moving engineering teams building cloud-native web applications. Our developers ship quickly, experiment often, and work across a variety of stacks. Security’s role is to provide guardrails—not roadblocks—so teams can move fast and safely.
We’re looking for strong Product Security Engineers who can partner deeply with engineering and help raise the security bar across our products, platform, and underlying cloud infrastructure.
What You’ll Work On:
Product & Application Security
Perform security reviews of web/mobile apps, microservices, and APIs.
Conduct threat modelling (DFDs, architecture reviews, screen flows) for new and existing features.
Work with engineering teams to design and implement secure patterns in a cloud native environment.
Secure SDLC & DevSecOps
Embed security into CI/CD pipelines (SAST, DAST, SCA, container and IaC scanning).
Help design, tune, and maintain security tooling (open source, commercial, and in-house).
“Shift left” by building reusable guardrails, templates, and developer-friendly checks.
Application & Infrastructure Testing
Perform hands-on vulnerability assessments and penetration testing for web/mobile/IoT components and backend services.
Hunt for vulnerabilities in REST/gRPC APIs, authN/authZ flows, and multi-tenant architectures.
Build scripts/automation to find “boring but important” bugs at scale.
Cloud & Platform Security
Review and improve the security of cloud accounts, IAM, network boundaries, and storage.
Collaborate with infra/platform teams to harden Kubernetes, serverless (lambdas/functions), and other PaaS components.
Define and validate baseline configurations, policies, and detection guardrails.
Collaboration, Enablement
Work closely with developers and tech leads to prioritise and remediate issues pragmatically.
Communicate security concepts clearly to non-security stakeholders.
What Makes Someone a Strong Fit:
Candidates are likely to be successful if they:
Have hands-on product security experience with modern web application stacks deployed on AWS, GCP, or Azure.
Have a track record of finding real-world issues in:
Web/mobile apps
APIs and backend systems
Cloud infrastructure and configuration
Are comfortable discussing architecture, data flows, CI/CD pipelines, secure SDLC, IAM, IaC, serverless, etc.
Can write quick scripts/automation (any language) to validate assumptions or scale testing.
Know how to balance risk with business priorities—a sense for when to push and when to offer options.
Propose pragmatic solutions instead of just identifying problems.
Collaborate effectively with strong engineering teams.
Are genuinely interested in security, research, and problem-solving.
Nice-to-Have Experience
Prior experience in high-performing product security teams at modern tech companies.
Security code review for Java, Kotlin, Go, Node.js, Python, React/React Native, etc.
Experience with:
Kubernetes security
Secrets management
Multi-tenant SaaS security
Privacy/security by design for data-heavy systems
Contributions to open-source security tools, security research, or responsible disclosure programs.