Apply

Product Security Engineer II Bengaluru, KarnatakaSecurity /Full Time /Hybrid APPLY FOR THIS JOB Greenlight is the leading family fintech company on a mission to help parents raise financially smart kids. We proudly serve more than 6 million parents and kids with our award-winning banking app for families. With Greenlight, parents can automate allowance, manage chores, set flexible spend controls, and invest for their family’s future. Kids and teens learn to earn, save, spend wisely, and invest. At Greenlight, we believe every child should have the opportunity to become financially healthy and happy. It’s no small task, and that’s why we leap out of bed every morning to come to work. Because creating a better, brighter future for the next generation depends on it. We are seeking a Product Security Engineer II to join our growing security team. This role will be critical in ensuring the security of our products across the entire software development lifecycle (SDLC) and provide support on different security initiatives. You will work closely with engineering, product, and operations teams to embed security best practices from design through to deployment. Technologies we use: Node.js, Java/Kotlin, React, Redux, Swift, SwiftUI AWS MySQL, DynamoDB, Redis Kubernetes, Ambassador, Helm, Rancher What you will be doing: Support in executing a comprehensive product security strategy that aligns with the company's goals and risk appetite. You will work hands on across code, infrastructure, and CI/CD to create agents, services and pipelines that detect, prevent and remediate risks leveraging AI where it adds value.  Design, build and operate security automation for the SDLC (code scanning, dependency risk management, secrets detection, policy-as-code) integrated into CI/CD.  Perform Manual Design and Implementation Reviews of Greenlight products and services from a security perspective. Establish and enforce secure development standards (i.e. API security, Security patterns, IaC, etc.)  and best practices across the organization. Serve as SME on the practical security of our AI and LLM ecosystem. Lead threat modeling exercises for novel AI systems applying advanced security and privacy best practices.  Leverage automations and tools to continuously test, fuzz and validate products and platform components for security issues. Perform Penetration testing and retesting to validate fixes. Responsible for triaging findings from security researchers and leading incident response for PSIRT. OnCall support for incident response and lead product-related security events and vulnerabilities. Foster a culture of security awareness and ownership across the Engineering and Product organizations. Stay current with the latest security threats, vulnerabilities, and industry best practices to continuously evolve our security controls and processes. What you should bring 5+ years of experience finding security vulnerabilities, security code reviews  and knowledge of secure code development for the technology stack at Greenlight. 2-4 years experience with the threat modeling process and ability to find design problems based on technical architecture and data flow diagrams. Experience with exploiting common security vulnerabilities  Deep technical knowledge of web and mobile application security, common vulnerabilities, secure coding practices, common exploit mitigations and secure architecture patterns. Experience integrating or building AI-powered tools to assist with vulnerability detection, code review or threat modeling.  Experience creating software that enables security processes especially those leveraging AI/ML for automation or augmentation.  End to end experience on implementing and managing tools for Product Security (i.e. API Security, Mobile Protection, SAST, runtime scanning, etc.) Experience with software development and automation that enables security processes. Deep technical knowledge of CI/CD pipelines and relevant tools for web and ... (truncated, view full listing at source)