Senior Product Security Leader (DevSecOps & AI Security)

Location

India

Job Type

full-time

About the job

This job is sourced from a job board.

About the role

Inceptial Tech

Website: inceptialtech.com
Job details:

Role Description

We are looking for a Senior Product Security Leader to define and scale end-to-end security across modern cloud-native and AI-driven systems.

This is a hands-on leadership role where you will own security across the full product lifecycle—from secure design and threat modeling to DevSecOps pipeline security, AI/LLM security governance, and vulnerability management. You will work closely with engineering and platform teams to enable secure and efficient product delivery.


Key Responsibilities

Secure-by-Design Engineering

  • Define and enforce Secure SDLC practices across engineering teams
  • Lead architecture-level security reviews for critical systems and features
  • Drive threat modeling using STRIDE and MITRE ATT&CK frameworks
  • Establish reusable secure design patterns for identity, secrets, cryptography, and data protection

DevSecOps at Scale

  • Embed security controls into CI/CD pipelines (shift-left and shift-right)
  • Implement SAST, SCA, secrets scanning, and IaC security
  • Operationalize DAST and runtime security validation
  • Define release security gates, remediation SLAs, and governance processes
  • Drive SBOM generation, artifact signing, and supply chain security practices
  • Collaborate with Cloud and Platform teams to align monitoring, detection, and incident readiness

AI/LLM and Data Security

  • Define and implement security controls for AI/ML and LLM systems
  • Secure the AI lifecycle across training, inference, and deployment
  • Mitigate risks such as prompt injection, data leakage, and model misuse
  • Establish AI security guardrails including input validation, output filtering, and adversarial testing
  • Enforce data protection and DLP policies (e.g., Microsoft Purview)
  • Build AI governance, monitoring, and lineage frameworks

Product Security Incident Response (PSIRT)

  • Lead vulnerability intake, triage, and coordinated disclosure
  • Drive remediation tracking, patching, and communication
  • Align PSIRT processes with supply chain security and GRC frameworks
  • Track and report on key metrics such as MTTR, vulnerability aging, and exploitability

Security Leadership and Governance

  • Define product security metrics and reporting frameworks
  • Influence engineering leadership and drive adoption of security practices
  • Act as a trusted advisor across Product, Engineering, and Security teams


Required Qualifications

  • 8+ years of experience in Product Security, Application Security, or Security Engineering
  • 3+ years of experience leading DevSecOps or Application Security programs
  • Strong hands-on experience with SAST, DAST, SCA, and threat modeling
  • Experience with CI/CD security (Azure DevOps or similar platforms)
  • Experience securing cloud-native systems on AWS, Azure, or GCP


Preferred Qualifications

  • Experience in product-based organizations
  • Familiarity with PSIRT processes and vulnerability disclosure
  • Knowledge of SBOM standards (SPDX, CycloneDX) and supply chain security (SLSA, Sigstore, Cosign)
  • Exposure to AI/ML or LLM security concepts


Certifications (Preferred)

  • CISSP, CSSLP, or CCSP
  • OSCP or OSWE
  • GIAC certifications such as GWAPT, GXPN, or GCSA 


Additional Advantage

  • Exposure to AI/ML security frameworks such as ISO 42001 or NIST AI Risk Management Framework
  • Cloud certifications such as Azure Security Engineer or AWS Security Specialty 


Skills

AWS
Azure
cryptography
design patterns
DevOps
end-to-end
GCP
incident response
product delivery
SDLC