Job Title: Product Security Lead

Location: Pune, India

Shift Timing: 1:00 PM - 10:00 PM

Skills & Expertise

• Proficiency in OWASP Top 10, SANS Top 25, threat modeling, red teaming, and secure code review.
• Understanding of the Purdue Model for energy‑storage communication and cyber security.
• Knowledge of Cyber‑Informed Engineering (CIE).
• Experience with SCADA/EMS systems, routers, switches, and firewalls.
• Expertise in secure architecture, segmentation, DMZ design.
• Risk assessment and mitigation experience.
• Cyber‑secure supply‑chain knowledge.
• Broad security knowledge in cloud, data, and DevSecOps.
• Strong automation‑focused mindset.
• Excellent communication skills.
• Open‑source contributions are a plus.
• Skills valued more than certifications.

Technical & Security Responsibilities

• Design and engineering of software/firmware security controls.
• Implement and/or oversee implementation of security features and practices.
• Understanding of industrial cybersecurity standards.
• Security architecture design including low‑level hardware interactions.
• Security threat assessment, modeling, and incident reporting.
• Work with cryptographic protocols.
• Implement reporting controls and conduct audits.
• Apply Zero‑Trust and Secure‑by‑Design principles.
• Vendor and supply‑chain security oversight.
• Familiarity with IEEE 1547.3‑2023 and UL 2941.
• Embed security across the development lifecycle.

Core Security Activities

• Implement and manage security practices including patch management, review audit logs.
• Collaboration: Work closely with dev, product, and incident response and Cyber security teams.
• Code Review & Testing: Perform SAST, DAST, penetration tests, and vulnerability assessments.
• Application Security: Expertise in web, mobile, API, and cloud security.
• Cloud Security: Secure IaaS, PaaS, serverless, and container environments.
• Communication: Translate complex security concepts to all audiences.
• Threat Modeling: Identify and analyze threats for new features.
• Offensive Security: Conduct simulated attacks.

Business Unit: GBU Renewables & Flexible Power

Division: R&B AMEA - India & South-East Asia

Legal Entity: ENGIE Energy and Services India Private Limited

Professional Experience: Skilled ( >3 experience <15 years)

Education Level: Technical Qualification

Company Name: ENGIE