Product Security EngineerAbout Junglee Games:Junglee Games is part of Flutter Entertainment, the world’s leading iGaming and sports entertainment group listed on the New York Stock Exchange (NYSE: FLUT). We operate independently in India while leveraging Flutter’s global expertise across product, technology, and responsible gaming.Junglee Games is a technology-led entertainment powerhouse building safe, intelligent, and immersive gaming ecosystems that delight millions daily. Founded in San Francisco in 2012, we are revolutionizing the player experience by treating trust, safety, and fairness as engineering priorities. We specialize in building scalable platforms across a diverse portfolio of competitive and social genres including Ludo, Carrom, Solitaire, Rummy, Poker, Teen Patti, Pool, Quizzes and Tamboola.By marrying tech and deep data science with a passion for community, we have turned technology into our unfair advantage. Our focus on platform thinking allows us to deliver seamless, responsible, and culturally relevant experiences at a global scale.Joining Junglee Games means working at the intersection of India’s fast-growing gaming ecosystem and joining Flutter Entertainment’s global talent community, shaping the future of digital entertainment. Beyond gaming, Junglee Games represents a culture defined by technological ingenuity and strong values. We are committed to shaping the next generation of responsible leaders and redefining what it means to be a tech-first entertainment leader in a digital-first world.Position Overview​We are looking for a Product Security Engineer to serve as a key bridge between our Security and Engineering teams. In this role, you will be responsible for ensuring that security is baked into every stage of the software development lifecycle (SDLC). You will move beyond traditional "check-the-box" security by building automated systems that empower developers to ship secure code at scale.​Responsibilities​Lead security architecture and design reviews, threat modelling activities, and secure code assessments across multiple product lines.Design and maintain security guardrails within automated pipelines to identify vulnerabilities, hardcoded secrets, and insecure dependencies before they reach production.Harden cloud infrastructure security across AWS/Azure/GCP by implementing least-privilege IAM policies, monitoring workloads, and managing Cloud Security Posture (CSPM).Maintain and improve the security posture of cloud environments through identity hardening (IAM), workload monitoring, and continuous posture assessment.Perform deep-dive security assessments across web, mobile, and API surfaces, with a particular focus on complex authentication and authorization logic.Proficiency with a variety of security scanners (SAST/DAST/SCA) and the ability to integrate them into modern CI/CD workflows.Evaluate and secure modern application features, including AI-driven integrations and LLM-based interfaces.Assist developers with secure coding practices and remediation.​Experience managing bug bounty programs or coordinating vulnerability disclosure processes.Requirements6+ years of experience in Product Security, Application Security.Deep understanding of the Secure Software Development Lifecycle and how to bake security into it.Knowledge and experience in web application security testing, vulnerability assessment, penetration testing, and generating reports.Solid understanding of Amazon Web Services (AWS) including VPC, ELB, IAM, KMS, EC2, S3, CloudTrail, CloudFormation, CloudWatch, Cloud HSM, AWS Encryption SDK, RDS, ELB, AWS Route 53, CloudFront, SNS, Containers.Hands-on experience securing cloud-native environments with a focus on IAM, VPC security, and serverless/container security (Kubernetes/Docker).Understanding of security frameworks and standards like OWASP & NIST, Solid understanding of security protocols, cryptography, authentication, authorizationIdentify security tools and lead operationalization of solutions from POC to ProductionSecurity Tooling: Proven track record of integrating and tuning SAST, DAST, and SCA tools (e.g., Snyk, Checkmarx, Wiz, or GitHub Advanced Security) within CI/CD pipelines.Experienced with Threat Modeling frameworks (STRIDE, PASTA) and the ability to conduct architectural risk assessments.Design a secure application release automation process to make security an integral part of the CI/CD pipelines.Ability to not just find bugs, but to work with engineering leads to prioritize and fix high-risk vulnerabilities across large codebases.
