Product Security Specialist

Job Title

Product Security Specialist

Job Description

Job Posting Description

1. Job Role Overview

• This role is embedded in the product development life cycle and ensures that Secure by Design, Privacy by Design, and threat modeling activities are carried out as part of the Secure Software Development Life Cycle (SSDLC).
• Individuals in this role engage with architects, technical leads, and R&D engineering and development teams to ensure security and privacy considerations are addressed early in the product development cycle.
• They collaborate with architects to identify appropriate security solutions, balancing security risk and business impact.
• The position emphasizes application security and product security risk management, with basic exposure to AI security considerations where AI/ML components are used.

1.1 Key Responsibilities

• Embed product security and privacy requirements into the design and development of medical devices and healthcare applications.
• Perform threat modeling (e.g., STRIDE, OWASP, MAESTRO) and product security risk assessments across all development phases.
• Assist business units in defining and implementing product security and privacy practices, including policies, standards, guidelines, and procedures.
• Verify that defined security and privacy requirements are implemented correctly and that controls operate as intended.
• Conduct security design reviews, code/security assessments, and compliance reviews for applications and product software.
• Guide teams in triaging, remediating, and tracking security findings from assessments, audits, and reviews.
• Provide product security risk management advice, including vulnerability impact analysis and risk acceptance recommendations.
• Review AI/ML-enabled application features for basic AI security and privacy risks, such as model misuse, data leakage, and adversarial threats.
• Provide guidance on secure use of AI services, model access control, data protection, and high-level AI risk mitigations.
• Collaborate with AI engineering teams to ensure AI components align with product security and regulatory expectations.

1.2 Required Experience & Qualifications

• 10 -14 years of experience in product security and application security, with responsibility for securing software products or medical applications.
• Hands-on experience across architecture, design, development, testing, release, and maintenance phases of secure software development.
• Strong experience in application security reviews, secure design assessments, and threat modeling.
• Experience supporting security incidents, including root-cause analysis and risk impact evaluation.
• Prior experience working with medical devices, healthcare software, or regulated products is strongly preferred.

1.3 Technical Skills

Application & Product Security

• Strong understanding of secure application architectures, OWASP Top 10, secure APIs, and authentication/authorization concepts.
• Experience reviewing and securing applications built using technologies such as Java, Spring, REST/SOAP APIs, and Linux-based environments.
• Knowledge of cryptography concepts, including encryption, hashing, PKI, certificates, and secure key management.
• Familiarity with penetration testing methodologies, vulnerability assessment techniques, and security testing tools (conceptual or hands-on).
• Strong exposure to healthcare and data protection regulations, including:
  • GDPR, HIPAA, and global privacy laws.
  • Medical device and quality standards (e.g., 21 CFR 820, ISO/TS 14265, or equivalent).
  • Experience supporting security audits, compliance assessments, and regulatory reviews.

1.4 Education

• Bachelor’s degree in technical stream required ( BE, ME, MS, MCA)
• Degree or concentration in Computer Science, Information Systems, Information Security or similar preferred.
• Ideal candidate will have one of the following certifications

• Security- CISSP, CISM, SABSA, CEH
• Privacy - CIPP, CIPM, CIPT