Lead Product Security Engineer

About GrowwWe are a passionate group of people focused on making financial services accessible to every Indian through a multi-product platform. Each day, we help millions of customers take charge of their financial journey. Customer obsession is in our DNA. Every product, every design, every algorithm down to the tiniest detail is executed keeping the customers' needs and convenience in mind. Our people are our greatest strength. Everyone at Groww is driven by ownership, customer-centricity, integrity and the passion to constantly challenge the status quo.Are you as passionate about defying conventions and creating something extraordinary as we are? Let's chat.Our VisionEvery individual deserves the knowledge, tools, and confidence to make informed financial decisions. At Groww, we are making sure every Indian feels empowered to do so through a cutting-edge multi-product platform offering a variety of financial services. Our long-term vision is to become the trusted financial partner for millions of Indians.Our ValuesOur culture enables us to be what we are — India's fastest-growing financial services company. Everyone at Groww enjoys the autonomy and flexibility to bring their best work to the table, as well as craft a promising career for themselves.The values that form our foundation are:Radical customer centricityOwnership-driven cultureKeeping everything simpleLong-term thinkingComplete transparencyRoles & Responsibilities* Assess applications and products for security vulnerabilities, design flaws and interact with project teams to understand the security requirements* Performing Web application security testing, Mobile(Android/iOS) application security testing and Secure code review* Conduct Product Requirement reviews, Threat modelling, Static Code Reviews and cloud security assessments* Evaluate security vulnerabilities, think out of the box in building attack scenarios and prioritise remediation efforts* Evaluate and improve application security tools and processes* Research latest security best practices, staying current on new vulnerabilities and threatsEXPERTISE AND QUALIFICATIONS* Proficient in OWASP Top 10/SANS TOP 25, PRD Review, Threat Modelling, Red Teaming, Source Code review* Inclination towards learning multiple areas of security and building competency to deliver a wide spectrum of security like Cloud security, devSecOps, Data security etc.* Ability to understand tech deeply and work with respective tech teams to define functional security design and best practices framework for security* A sharp focus on automating repeatable tasks and reducing operational overheads* Excellent communication skills to proactively communicate with stakeholders to keep them up to speed on any issues.* Contributions to open source projects, GSoC etc is a plus* Certifications are not mandatory but skills are. PRB