Principal Product Security Engineer |India

💰 ₹18,000 - ₹28,800 (Est.) 📍 Bengaluru 🕐 5 days ago

Job Description

As a Principal Product Security Engineer at Vimeo, you will engage in a variety of activities, either offensive, defensive, or some combination thereof, ultimately aimed at safeguarding our users who entrust Vimeo with their content every day.

You’ll plan, carry out, and lead security initiatives to monitor and protect sensitive data and systems from infiltration and cyber-attacks.

You will likely collaborate frequently with and support developers, as well as members of the infrastructure security team, the compliance team, IT, Product, and other teams throughout the organization.

You love to solve puzzles, and are a great team player.

This role is remote.

What you’ll do:

The primary emphasis of this role will be code, both reading and writing it (securely) and chatting about it with developers.

You will dive deep into the Vimeo codebase and become highly familiar with many of our repos. You will form and communicate strong opinions about the security, maintainability, and overall quality of existing and proposed architectures, at both the software and system level. You will frequently consult with developers and product managers, providing them with valuable guidance on secure coding patterns and system architectures.

During a typical week, you may spend some time:
• Tracking down the line of code responsible for a bug discovered via our bug bounty program (http://hackerone.com/vimeo) and then educating developers and providing them with recommendations on how to best fix the issue
• Auditing a legacy backend controller and providing recommendations to developers on how to best refactor the code to eliminate existing authorization bugs and reduce the likelihood of future ones
• Paring with an engineering team to design the architecture for a new microservice and ensuring that the design adheres to industry best practices (e.g. OWASP ASVS 4.0, CIS benchmarks, etc.)
• Coding up a prototype for a new permissions middleware
• Flagging to leadership a recurring systemic security issues in our codebase and providing highly actionable recommendations to address the root cause in a thorough, maintainable manner
• Hopping on a call or two with Development, Product Management teams to discuss security-related issues
• Engaging with one or more product development teams and guide them through a threat model and data flow analysis.
• Providing technical advice in response to occasional questions from developers and other members of the security team

As such, you must be highly proficient with both reading and writing high quality, highly maintainable full-stack web application code, including front-end, back-end, and infrastructure components. You must be comfortable regularly communicating with a broad variety of stakeholders.

Depending on your preferences and the current needs of the team, you may potentially also participate in the following activities (although, this will likely be secondary to the activities described above):
• Penetration testing — either hunt for security issues on our production or staged applications during an open-box internal pen test, or help coordinate an engagement with an external firm
• Writing code for internal automated security tools — write some code, usually in Python, Bash, or Go, to support any of our team's various initiatives. Often we strive to facilitate a culture of “paved roads” for our developers, such that it is easy for any developer to incorporate security into their designs and implementations
• Threat modeling — consider how malicious attackers may compromise our systems, and advise developers and product managers on what defenses are needed
• Code reviews — discover weakness in our source code before it reaches production
• Bug bounty program — help triage new incoming reports on a daily basis, plus launch creative initiatives to increase researcher engagement on our programs
• Web Application Firewall and Rate Limiting — expand coverage and tune new rules while coordinating with developers, support team members, and the site reliability team
• Remediation — enable and encourage developers to correctly fix recently discovered security issues in a timely manner, ultimately reducing our Mean Time To Remediate
• Secure Software Development Lifecycle — configure automated tooling (eg. static and dynamic code analysis, IAST) in our SDLC to detect security issues in our source code before it reaches production
• Developer Education, Security Culture — create fun ways to spread technical security awareness throughout the engineering department
• Incident response — lead or assist in running the various phases of an incident response, including initial detection, triage, containment, recovery, root cause analysis, retrospective, etc.
• Collaboration with the infrastructure security team — pair with members of the infrastructure security team on various projects to secure our cloud instances and employee workstations
• Collaboration with the compliance and privacy team — help ensure that our company complies with industry best practices and standards
• Process improvements — help strengthen our own internal processes and procedures

Skills and knowledge you should possess:
• Required: 5+ years of prior experience in either software development, devops, or site reliability engineering with hands-on coding experience.
• Preferred: prior experience in Application Security
• 7+ total years of relevant experience in Engineering, Application Security, or a similar technical field.
• Strong knowledge of modern web, mobile, and network security
• Strong programming skills with at least one of the following languages, and the ability to read all of them: Python, Go, PHP, Javascript, and Ruby
• Expertise with application pen testing, using tools like Burp or Zap
• Confident working in and across cloud environments like AWS and GCP. Detailed knowledge of at least one cloud environment.
• Confident with shell scripting
• Confident with common SDLC components, like git, Jira, Jenkins, etc
• Confident ability to communicate technical security concepts to developers
• At least an upper-intermediate level of English

Bonus points (nice skills to have, but not needed):
• Link to a Github repo with security tools/scripts you’ve developed or help maintain
• Full-stack web development experience creating RESTful applications (in any language) is a big plus
• Open source vulnerability research or blog posts is a big plus
• Experience with system security hardening guidelines and SDLC principles

About Us:

Vimeo (NASDAQ:VMEO) is the world’s most innovative video experience platform. We enable anyone to create high-quality video experiences to connect better and bring ideas to life. We proudly serve our growing community of nearly 300 million users — from creative storytellers to globally distributed teams at the world’s largest companies. Learn more at www.vimeo.com.

Vimeo is headquartered in New York City with offices around the world. At Vimeo, we believe our impact is greatest when our workforce of passionate, dedicated people, represents our diverse and global community. We’re proud to be an equal opportunity employer where diversity, equity, and inclusion is championed in how we build our products, develop our leaders, and strengthen our culture

💡 Quick Summary

Seeking a career-building opportunity? The Principal Product Security Engineer |India position is now open for candidates interested in the Fresher Jobs sector. This role in Bengaluru offers a professional environment and growth potential.

Requirement Snapshot: Candidates should possess basic communication skills, a proactive attitude, and the ability to work in a team. Experience in Fresher Jobs is a plus.

Sponsored

Job Details

Company Name: Livestream

Frequently Asked Questions

Click the Apply Now button on this page, login or register for free on CallCenterJob.co.in, fill in your name, mobile number, city, and experience, then submit your application. The recruiter will contact you directly.
The expected salary for Principal Product Security Engineer |India in Bengaluru is ₹18,000 - ₹28,800 (Est.) per month. Actual compensation may vary based on experience and negotiation.
No, Principal Product Security Engineer |India is an on-site position based in Bengaluru . Candidates must be able to commute or relocate to this location.
Basic communication skills, a proactive attitude, and the ability to work in a team are required for Principal Product Security Engineer |India. Previous experience in Fresher Jobs is a plus. Freshers may also apply depending on the employer's requirements.
Yes, CallCenterJob.co.in is completely free for job seekers. Never pay money to apply for any job. If anyone asks for payment to process your application, report it immediately using the "Report this Job" button.

Similar Openings

  • fresher candidate teleceller executive call center in BPO

    fresher candidate teleceller executive call center job in BPO

    Full Time / Part Time

    Salary Estimated: 19K to 22K

    Remote

    July 11, 2026


    Apply Now

  • Operations Internship in at Urban Company

    Apply on LinkedIn Operations Internship in Jaipur at Urban Company Urban Company Jaipur, Rajasthan Apply on LinkedIn 3 days agoFull–time About Urban Company Website We, at Urban Company (earlier UrbanClap), are enabling commerce for home services. Ov...

    Full Time / Part Time

    Salary Estimated: 17K to 34K

    Remote

    July 11, 2026


    Apply Now

  • Tender Executive|Female|Good in English|Fresher

    Job Location : Kolkata near Sector V Position : Tender Executive Experience : Fresher Salary : 10k to 12k per month Qualifications : Graduate Industry : Manufacturing Gender : Female Joining : As soon as possible Skills : Must be good in english and

    Full Time / Part Time

    Salary Estimated: 23K to 35K

    Remote

    July 11, 2026


    Apply Now

  • Trainee Engineer | Vi | Fresher

    One of leading telecom operator in Maharashtra, Vi (Vodafone Idea) is looking to hire a fresher as Trainee Engineer Job for fresher in Pune, Ideal candidate should recently completed degree / diploma can apply trainee job at Vodafone Idea in Pune. Po...

    Full Time / Part Time

    Salary Estimated: 19K to 25K

    Pune, Maharashtra

    July 11, 2026


    Apply Now

  • Documentation Executive

    DOCUMENTS COLLECTION AND SUBMISSION, OFFICE MAINTENANCE More about this Documentation Executive job Shashwat Wealth is aggressively hiring for the job profile of Documentation Executive for 2 open positions at Ahmedabad in Naranpura locality. Kindly ...

    Full Time / Part Time

    Salary Estimated: 21K to 24K

    Naranpura, Gujarat

    July 11, 2026


    Apply Now

  • Field Inspector |Experienced Fresher| | permanent

    Bureau Business is hiring Greetings from Bureau Business! Introduction of Bureau Business: We are Leading Business Management Consultants in various segments like Human Resources/ Third Party Inspections (TPIs)/ ISO Certification Bodies (CBs)/ Oil &a...

    Full Time / Part Time

    Salary Estimated: 15K to 18K

    Kolkata, West Bengal

    July 11, 2026


    Apply Now