Associate Product Security Engineer

Basic Information






IND Pune - Business Bay

Date published:


Job ID:


Travel Amount:


Description and Requirements

From core to cloud to edge, BMC delivers the software and services that enable over 10,000 global customers, including 84% of the Forbes Global 100, to thrive in their ongoing evolution to an Autonomous Digital Enterprise.
The Product Security Engineer will work in BMC’s R&D Product Security Group and will carry out threat modeling, security reviews, penetration tests and vulnerability assessments of multiple products and SaaS environments. 
A person should have “Get it done” and "Do it Right" attitude and should be thriving for the quality, diligence, and thoroughness. The role drives business value through technical innovation such as simplification, extensibility, supportability. 

Primary Roles and Responsibilities:
  • Perform security assessments of R&D products covering application, SaaS, open-source stacks, infrastructure, containers, and cloud
  • Provide subject matter expertise for Application Security and SaaS security
  • Develop security policies, standards, procedures, and guidelines related to product security and release management
  • Evangelize necessary application security measures such as secure coding and security testing
  • Use necessary security tools to test, monitor, and detect security events
  • Use security controls for the public cloud (such as AWS) and support monitoring and incident detection efforts
  • B.E /B.Tech or M.E/M.Tech in Computer Science or Information Security or equivalent experience
  • Good experience with web, mobile, network, thick-client, and API security assessments
  • Good track record of having reported vulnerabilities through bug bounty programs and responsible disclosure
  • Hands-on experience with DAST, SAST tools, and security platforms
  • Ability to find security issues in functional components and business logic
  • Experience working in SaaS environments/cloud where security is a continuous process
  • Thorough knowledge of application security standards such as OWASP Top 10, SANS Top 25, CERT Secure Coding, NIST standards.
  • Ability to write scripts and programs to support security automation efforts
  • Security certifications are a plus (OSCP, CEH, etc.)

It is the policy of BMC Software to afford equal opportunity for employment to all individuals regardless of race, color, age, national origin, physical or mental disability, history of disability, ancestry, citizenship status, political affiliation, religion, gender, transgender, gender identity, gender expression, marital status, status as a parent, sexual orientation, veteran status, genetic information or other factors prohibited by law, and to prohibit harassment or retaliation based on any of these factors. 

If you need a reasonable accommodation for any part of the application and hiring process, visit the accommodation request page.