Inceptial Tech
Website: inceptialtech.com
Job details:
Role Description
We are looking for a Senior Product Security Leader to define and scale end-to-end security across modern cloud-native and AI-driven systems.
This is a hands-on leadership role where you will own security across the full product lifecycle—from secure design and threat modeling to DevSecOps pipeline security, AI/LLM security governance, and vulnerability management. You will work closely with engineering and platform teams to enable secure and efficient product delivery.
Key Responsibilities
Secure-by-Design Engineering
- Define and enforce Secure SDLC practices across engineering teams
- Lead architecture-level security reviews for critical systems and features
- Drive threat modeling using STRIDE and MITRE ATT&CK frameworks
- Establish reusable secure design patterns for identity, secrets, cryptography, and data protection
DevSecOps at Scale
- Embed security controls into CI/CD pipelines (shift-left and shift-right)
- Implement SAST, SCA, secrets scanning, and IaC security
- Operationalize DAST and runtime security validation
- Define release security gates, remediation SLAs, and governance processes
- Drive SBOM generation, artifact signing, and supply chain security practices
- Collaborate with Cloud and Platform teams to align monitoring, detection, and incident readiness
AI/LLM and Data Security
- Define and implement security controls for AI/ML and LLM systems
- Secure the AI lifecycle across training, inference, and deployment
- Mitigate risks such as prompt injection, data leakage, and model misuse
- Establish AI security guardrails including input validation, output filtering, and adversarial testing
- Enforce data protection and DLP policies (e.g., Microsoft Purview)
- Build AI governance, monitoring, and lineage frameworks
Product Security Incident Response (PSIRT)
- Lead vulnerability intake, triage, and coordinated disclosure
- Drive remediation tracking, patching, and communication
- Align PSIRT processes with supply chain security and GRC frameworks
- Track and report on key metrics such as MTTR, vulnerability aging, and exploitability
Security Leadership and Governance
- Define product security metrics and reporting frameworks
- Influence engineering leadership and drive adoption of security practices
- Act as a trusted advisor across Product, Engineering, and Security teams
Required Qualifications
- 8+ years of experience in Product Security, Application Security, or Security Engineering
- 3+ years of experience leading DevSecOps or Application Security programs
- Strong hands-on experience with SAST, DAST, SCA, and threat modeling
- Experience with CI/CD security (Azure DevOps or similar platforms)
- Experience securing cloud-native systems on AWS, Azure, or GCP
Preferred Qualifications
- Experience in product-based organizations
- Familiarity with PSIRT processes and vulnerability disclosure
- Knowledge of SBOM standards (SPDX, CycloneDX) and supply chain security (SLSA, Sigstore, Cosign)
- Exposure to AI/ML or LLM security concepts
Certifications (Preferred)
- CISSP, CSSLP, or CCSP
- OSCP or OSWE
- GIAC certifications such as GWAPT, GXPN, or GCSA
Additional Advantage
- Exposure to AI/ML security frameworks such as ISO 42001 or NIST AI Risk Management Framework
- Cloud certifications such as Azure Security Engineer or AWS Security Specialty