Skip to main content
Back to jobs

Product Security Engineer 3

External
Adobe logoAdobe · Bangalore, India
Full-timeOn-siteToday
AWSAzureBashCI/CDCloud SecurityCloudFormation
Cover LetterConnect

Prepare for this interview

Elite

AI-generated questions, company research, and talking points tailored to this role

About the role

Adobe's Product and Software Security Team is seeking a Security Engineer with deep penetration testing expertise and a strong DevSecOps background to drive both hands-on Adversarial testing and the integration of security across Adobe's software development lifecycle. The role spans security assessments of web, mobile, and desktop applications, cloud environments, AI/LLM systems, and supporting infrastructure, alongside building and operating the security guardrails embedded into CI/CD pipelines. The successful candidate will lead end-to-end engagements, deliver findings with clear risk assessments and actionable remediation, and partner with engineering teams to ship secure-by-default software at scale.

Responsibilities

  • Conduct penetration tests on AI/LLM systems (prompt injection, model poisoning, jailbreaks, etc.), web applications, APIs, mobile apps, cloud infrastructure, containers, and supporting infrastructure.
  • Identify and exploit vulnerabilities including authentication/authorization flaws, business logic issues, injection, SSRF, deserialization, and chained attacks.
  • Embed security controls into CI/CD pipelines: SAST, DAST, SCA, secrets scanning, and container/image scanning as first-class pipeline gates.
  • Design and operate DevSecOps automation across cloud environments (AWS, Azure, GCP): policy-as-code, infrastructure-as-code scanning, and automated security guardrails.
  • Develop custom scripts and tooling using Python, Go, or PowerShell to automate testing, validation, and pipeline integration.
  • Partner with engineering teams on threat modeling, security code review, and secure-by-default architecture.
  • Build the feedback loop from security findings back into preventive controls so the same class of bug doesn't ship twice.
  • Deliver clear, actionable reports and provide remediation guidance to engineering and product teams.
  • Manage the full lifecycle of penetration testing engagements from scoping to execution and delivery.
  • Research emerging AI/ML exploits, cloud-native attack techniques, and supply chain risks to stay ahead of threats.
  • Enhance testing methodologies and contribute to the internal knowledge base.

Requirements

  • 4+ years of combined experience in penetration testing and DevSecOps, with meaningful depth in both - not just one.
  • Hands-on pentest experience across web apps, APIs, mobile, and cloud environments. You can find and exploit, not just scan and report.
  • Proven track record integrating security tooling (SAST, DAST, SCA, secrets, container/image
  • scanning) into CI/CD pipelines in production environments.
  • Understanding of AI/ML security, LLM vulnerabilities, and prompt engineering attacks.
  • Strong knowledge of OWASP Top 10, OWASP API Top 10, and OWASP LLM Top 10.
  • Programming/scripting in at least one language: Python, Bash, PowerShell, Go, JavaScript.
  • Ability to read and understand source code, trace execution flows, and dynamically exploit
  • vulnerabilities during live assessments.
  • Understanding of secure coding practices and common code-level vulnerabilities.
  • Strong experience with cloud security (AWS, Azure, GCP) and containers (Docker, Kubernetes).
  • Familiarity with infrastructure-as-code (Terraform, CloudFormation) and policy-as-code
  • frameworks.
  • Knowledge of attack vectors, exploits, vulnerability exploitation, and chained attacks.
  • Strong written and verbal communication skills with ability to explain findings to technical and non-technical audiences.
  • Preferred
  • Strong academic background (Master's degree) in IT, Computer Science, or related fields.
  • Certifications: OSCP, OSWE, OSEP, GXPN, GPEN, GWAPT, CRTP, eJPT, CREST, CISSP, or
  • equivalent.
  • Published CVEs demonstrating research capability.
  • Bug bounty or Capture The Flag (CTF) experience.
  • AI/ML security research experience.
  • Advanced exploitation experience and custom tooling development.
  • Threat modeling and secure DevOps knowledge at enterprise scale.
  • Experience with AI-assisted security tooling (LLM pipelines, RAG, agentic workflows) for
  • vulnerability discovery or triage.
  • Open-source contributions or technical writing on offensive security, DevSecOps, or AI security.
  • About Adobe
  • Let's Adobe toge

Additional Information

Product Security Engineer - Devsecops

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Adobe? Share your experience

Interested in this role?

Apply on the company's website.

Cover LetterConnect