Product Security Engineer at DevRev

<div class="content-intro"><p><span style="font-size: 12pt;"><strong>About DevRev</strong></span></p> <p>At DevRev, we're building the future of work with <em>Computer</em> – your AI teammate. Unlike traditional tools, <em>Computer</em> unifies all your data sources, tools, and workflows into a single AI-ready platform, giving employees real-time insights, proactive suggestions, and powerful agentic actions. It extends your existing software with AI-native apps and agents that work alongside your teams and customers – updating workflows, coordinating across teams, and eliminating repetitive work. We call this Team Intelligence: human-AI collaboration that breaks down silos, brings people back together, and frees you to solve bigger problems. Backed by Khosla Ventures and Mayfield with $150M+ raised, DevRev is trusted by global companies across industries.</p></div><h3><strong>About the Role:</strong></h3> <p>We’re a growing SaaS startup building our security team from the ground up. We’re looking for a hands-on Product Security Engineer who enjoys breaking things (responsibly) and helping teams fix them fast.</p> <p>This role is very practical and impact-driven. You’ll be embedded close to the product and engineering teams, proactively attacking our own systems before anyone else does. If you like moving fast, owning problems end-to-end, and thinking like a real attacker, this role is for you.</p> <h3><strong>What You'll Do:</strong></h3> <ul> <li>Actively test our SaaS product for security vulnerabilities across web apps, APIs, and cloud infrastructure.</li> <li>Perform manual security testing and targeted penetration tests (beyond automated scanners).</li> <li>Implement and help implement automated security test suites.</li> <li>Identify abuse cases, business logic flaws, and real-world attack paths.</li> <li>Work directly with engineers to reproduce issues and drive fixes.</li> <li>Help introduce lightweight security practices into the development process (threat modeling, secure design reviews).</li> <li>Validate fixes and ensure issues are fully resolved.</li> <li>Stay current on new vulnerabilities, attack techniques, and SaaS-relevant threats.</li> </ul> <h3><strong>What You'll Bring:<br></strong></h3> <ul> <li>5+ years of experience in application security, offensive security, or penetration testing.</li> <li>Strong understanding of web and API security (OWASP Top 10, auth, sessions, access control).</li> <li>&nbsp;Experience testing modern SaaS products.</li> <li>Comfort working in cloud environments (AWS / GCP / Azure at a practical level).</li> <li>Experience with common security testing tools (Burp Suite, Nuclei, etc.).</li> <li>Ability to communicate findings clearly and pragmatically to engineers.</li> <li>Self-starter mindset — comfortable operating with limited process and high ownership.</li> </ul> <h3><strong>Preferred, but not required:</strong></h3> <ul> <li>Startup experience or early-stage product exposure.</li> <li>Bug bounty or responsible disclosure experience.</li> <li>Secure code review experience (any major language).</li> <li>Familiarity with CI/CD and modern SDLC security.</li> <li>Offensive security certifications (OSCP, GWAPT, etc.).</li> </ul> <p>&nbsp;</p> <p>&nbsp;</p><div class="content-conclusion"><p><em>DevRev is an equal opportunity employer and does not discriminate on the basis of race, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition, or any other basis protected by law.</em></p></div>