Product Security Specialist

We are seeking a Product Security Specialist to build and lead client’s Product Security capability across the Group.

This role focuses on securing the entire product as a complete system delivered to customers — including application, cloud infrastructure, data, identity, integrations, and operational layers — rather than only source code or SDLC-level application security.

The position will define and operate the product security program, embed security into the product lifecycle, and ensure end-to-end security posture across all products, including AI-enabled capabilities.

Key Responsibilities

• Build and operate the Group-wide Product Security program, including strategy, governance, standards, and operating model.
  
• Define and enforce end-to-end security requirements across the full product stack (application, cloud, data, identity, integrations, operations).
  
• Integrate security requirements into product lifecycle stages from design through deployment and operations.
  
• Oversee secure cloud usage (AWS, Azure), including configuration, segmentation, and workload security posture.
  
• Ensure secure multi-tenant architecture, including data isolation in storage, compute, and transit layers.
  
• Govern privileged and administrative access to production systems and internal tooling.
  
• Ensure proper logging, auditability, and telemetry for compliance, monitoring, and customer assurance.
  
• Support product security compliance, certifications, audits, and customer security questionnaires.
  
• Drive prioritization and remediation of product security risks and vulnerabilities with engineering teams.
  
• Conduct and facilitate threat modeling and system-level security risk assessments.
  
• Lead security design reviews for new products, features, and architectural changes.
  
• Embed security capabilities such as cloud security controls, identity controls, and data protection mechanisms into products.
  
• Promote security awareness across product, engineering, and business teams.
  
• Define and monitor product security metrics, KPIs, and risk posture across the organization.
  
• Maintain consolidated visibility of product security risks and remediation status across the Group.
  
• Collaborate with Application Security, Cloud Security, Architecture, GRC, Legal, Privacy, and Engineering teams.
  
• Research emerging threats in cloud, SaaS, and AI security and evolve security standards accordingly.
  
• Embed security requirements for AI-enabled product features in collaboration with AI Security teams.
  

Requirements

• Minimum 7 years of experience in Product Security, Cloud Security, Security Architecture, or related roles.
  
• Strong understanding of SaaS and cloud-native product architectures.
  
• Experience with AWS and/or Azure cloud security.
  
• Knowledge of multi-tenant security models and data isolation techniques.
  
• Experience in threat modeling, risk assessment, and security design reviews.
  
• Strong understanding of IAM, PAM, API security, authentication, authorization, and data protection.
  
• Knowledge of security frameworks including ISO 27001, SOC 2, NIST, and CSA CCM.
  
• Awareness of AI security risks including LLMs, generative AI, prompt injection, and data leakage.
  
• Strong analytical and risk communication skills.
  
• Excellent written and verbal communication in English.
  

Preferred Qualifications

• Familiarity with OWASP Top 10 for LLM Applications.
  
• Knowledge of NIST AI RMF and ISO 42001.
  
• Experience with CSPM/CNAPP tools and cloud security assurance.
  
• Experience supporting SOC 2 or ISO 27001 compliance programs.
  
• Experience building security programs in multi-entity organizations.
  
• Certifications such as CISSP, CCSP, CISM, CRISC, AWS Security Specialty, or AZ-500.