Product Security Engineer

About DevRev At DevRev, we're building the future of work with Computer – your AI teammate. Unlike traditional tools, Computer unifies all your data sources, tools, and workflows into a single AI-ready platform, giving employees real-time insights, proactive suggestions, and powerful agentic actions. It extends your existing software with AI-native apps and agents that work alongside your teams and customers – updating workflows, coordinating across teams, and eliminating repetitive work. We call this Team Intelligence: human-AI collaboration that breaks down silos, brings people back together, and frees you to solve bigger problems. Backed by Khosla Ventures and Mayfield with $150M+ raised, DevRev is trusted by global companies across industries. About the Role: We’re a growing SaaS startup building our security team from the ground up. We’re looking for a hands-on Product Security Engineer who enjoys breaking things (responsibly) and helping teams fix them fast. This role is very practical and impact-driven. You’ll be embedded close to the product and engineering teams, proactively attacking our own systems before anyone else does. If you like moving fast, owning problems end-to-end, and thinking like a real attacker, this role is for you. What You'll Do: Actively test our SaaS product for security vulnerabilities across web apps, APIs, and cloud infrastructure. Perform manual security testing and targeted penetration tests (beyond automated scanners). Implement and help implement automated security test suites. Identify abuse cases, business logic flaws, and real-world attack paths. Work directly with engineers to reproduce issues and drive fixes. Help introduce lightweight security practices into the development process (threat modeling, secure design reviews). Validate fixes and ensure issues are fully resolved. Stay current on new vulnerabilities, attack techniques, and SaaS-relevant threats. What You'll Bring: 5+ years of experience in application security, offensive security, or penetration testing. Strong understanding of web and API security (OWASP Top 10, auth, sessions, access control).  Experience testing modern SaaS products. Comfort working in cloud environments (AWS / GCP / Azure at a practical level). Experience with common security testing tools (Burp Suite, Nuclei, etc.). Ability to communicate findings clearly and pragmatically to engineers. Self-starter mindset — comfortable operating with limited process and high ownership. Preferred, but not required: Startup experience or early-stage product exposure. Bug bounty or responsible disclosure experience. Secure code review experience (any major language). Familiarity with CI/CD and modern SDLC security. Offensive security certifications (OSCP, GWAPT, etc.).     DevRev is an equal opportunity employer and does not discriminate on the basis of race, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition, or any other basis protected by law.