Lead Product Security Engineer

Envestnet Asset Management, Inc


Date: 16 hours ago
City: Thiruvananthapuram, Kerala
Contract type: Full time

Description

Job Location

The primary work location for this role is Trivandrum with a hybrid work model.


About Envestnet

Envestnet is an adaptive WealthTech company that is redefining the future of wealth management by helping advisors meet the moment with its comprehensive technology, actionable insights, and industry leading support. Backed by over 25 years of experience and approximately $7.0 trillion in platform assets, Envestnet is trusted by over one third of financial advisors across leading banks, wealth managers, brokerages, and RIAs.


For a deeper look at how Envestnet is shaping the future of financial advice, visit www.envestnet.com.


The Team You’ll Join

The Product Security team at Envestnet partners with engineering, DevOps, and operations teams to embed security across the software development lifecycle.

We are responsible for application security, secure coding practices, and DevSecOps automation, and we perform security architecture reviews and threat modeling to identify and mitigate risk early in the design and development phases. The team also leads emerging initiatives in AI, supporting the secure and responsible adoption of AI technologies across products.

Through close cross‑functional collaboration, we help teams deliver scalable, cloud‑native products that are secure by design, aligned with industry standards, and resilient to evolving threats—while enabling engineers to build and ship software confidently at scale.


How You’ll Contribute

As a Consultant Product Security, you will guide the organization in designing and implementing secure software development practices by collaborating with development, DevOps, and operations teams to embed security throughout every phase of the software development lifecycle (SDLC). Your responsibilities will include advising on application security scans, developing tool run books, and driving automation initiatives to enhance DevSecOps programs. You will also recommend best practices and process improvements to improve the efficiency of the overall security program. Serving as a security subject matter expert, you will mentor junior engineers and provide expert guidance in the product security program by performing comprehensive security reviews and coordinating external penetration test activities, including threat modeling and application security validation. The ideal candidate will have extensive experience consulting with software development teams, deep knowledge of security-by-design and privacy-by-design principles, and familiarity with industry standards such as NIST CSF, SSDF, and OWASP. You will also evaluate and recommend security tools and platforms based on detailed assessments of control gaps and organizational needs. Your responsibilities include:

  • Define and enforce secure coding standards and best practices.
  • Hands on experience to perform Threat Modeling and source code analysis across various development languages (preferably in .NET and JAVA)
  • Design and implement secure CI/CD pipelines with integrated security controls.
  • Automate security testing (SAST, DAST, IAST, SCA, container scanning) in the SDLC process.
  • Evaluate and integrate security tools and platforms
  • Lead DevSecOps program in collaboration with DevOps, Operations and Engineering teams
  • Build automation focused on efficiency (E.g. increase triaging efficiency, manage false positives etc.)
  • Leverage ASPM and build workflows and reports
  • Evaluate and integrate security tools and platforms
  • Implement Infrastructure as Code (IaC) security and cloud-native security controls.

What You’ll Need to Bring

  • Overall, 8 -10 years of experience in application security, software development, or related roles.
  • 6+ years of work experience in Application security, preferably in a fintech or financial services domain
  • Strong understanding of web, mobile, API and cloud applications & its architectures.
  • Experience of code reviewing or code contributing to Java, Java Script, .Net. C#, Python, or IaC scripting.
  • Hands-on experiences running SCA, SAST, DAST, IAST, SBOM, ASPM, Apigee, WAF etc., with approaches or optimizations for the tools to efficiently enforce the enterprise S-SDLC policies.
  • Deep understanding of DevSecOps practices and experience in CI/CD automation for one of the popular platforms, such as Gitlab, GitHub or Azure DevOps.
  • Knowledge of cloud platforms (AWS, Azure) and container orchestration (Kubernetes, Docker).
  • Perspective of supporting developer tools as a security professional (E.g. integrating security tools with IDE, PR checks etc.)

Nice-to-Haves

  • Certifications such as CSSLP, OSWE, or CEH.
  • Exposure to AI security initiatives is an advantage

Why You’ll Enjoy Working at Envestnet

Help shape the future of WealthTech. At Envestnet you’ll gain hands-on experience and collaborate with some of the industry’s brightest minds to deliver meaningful, innovative solutions that make a real difference.


We value flexibility in how and where work gets done, and we recognize strong performance with meaningful rewards—because your contributions should drive both business success and your own personal growth. If you’re looking for a place where your work has impact, your development is supported, and your contributions are truly valued, Envestnet is where you can build your future.


The opportunity is now!


Our Investment in You

At Envestnet, our total rewards philosophy is designed to attract, motivate, and grow exceptional talent. We offer competitive, market-aligned compensation complemented with performance-linked incentives and rewards programs that recognize and reward impact.


In addition, we provide a comprehensive suite of benefits - subject to Envestnet’s plan eligibility rules - that support your overall well-being, including medical insurance for you and your family, annual health check-ups, free online doctor consultations and telemedicine services, subsidized health club memberships, and an employee assistance program. Our investment in you means supporting you professionally, financially, and personally at every stage of your journey with us.


Our Commitment to Inclusion & Belonging

Envestnet is an Equal Employment Opportunity employer and does not discriminate in employment on the basis of religion, race, color, caste, sex, gender, gender identity or expression, pregnancy, age, disability, medical condition, nationality, ethnic origin, marital status, or any other status protected under applicable Indian law. This commitment is in accordance with the Constitution of India and applicable labor and employment laws. All employment decisions are made solely based on merit, qualifications, performance, and business needs.


We strive to provide an inclusive application and interview process. If you are a candidate with a disability and require reasonable accommodation, please contact us at [email protected]. Please include your full name, the title of the role you are applying for, and the accommodation necessary to assist you with the recruiting process.


Recruitment Fraud

At Envestnet, safeguarding the trust and safety of job seekers is a top priority. We are aware that scammers may impersonate Envestnet recruiters or create fake job opportunities to deceive candidates. Review the information on our recruitment fraud awareness page to help you recognize and avoid recruitment fraud.

How to apply

To apply for this job you need to authorize on our website. If you don't have an account yet, please register.

Post a resume

Similar jobs

Technical Lead

Guidehouse India Pvt Ltd, Thiruvananthapuram, Kerala
2 weeks ago
Job Family: IT Architecture/Cloud (India) Travel Required: None Clearance Required: None What You Will Do: Design, build, and enhance enterprise application components supporting solution delivery, including initial delivery tranches and follow-on iterations. Engineer solutions using an AI‑first mindset, incorporating AI‑enabled workflows and automation as part of the core delivery approach where it adds value and is supportable long‑term by IT....

Lead I - Engineering Design

UST, Thiruvananthapuram, Kerala
3 weeks ago
Role description Job Description: Minimum 5+ years of hands-on experience in Siemens NX customization. Good working knowledge of NX Open using any language like C, C++, C#. Working knowledge of Knowledge Fusion and Ufunc apis. Experience in writing NX Journals for automation and reducing manual work. Ability to develop custom tools, and utilities inside NX as per user needs. Good...

Lead I - Python Kafka Development, docker, oauth2

UST Global, Thiruvananthapuram, Kerala
4 weeks ago
ID: 60009 5 - 7 Years 2 Openings Trivandrum Role description We are seeking an experienced Backend Developer with 6+ years of experience to design, develop, and maintain scalable backend systems. The ideal candidate should have strong expertise in Python, event-driven architectures using Kafka, and containerization with Docker, along with a solid understanding of authentication and authorization flows. Key Responsibilities...