Product Security Specialist - INTL India
Insight Global (Englewood, CO)
Job Description
We are hiring Product Security Specialists to strengthen our product security capability across penetration testing, AI security, MCP security, mobile app security, web application security, secure product development, and CIAM. You will drive immediate pen test needs, support global DAS pen test initiatives, help operationalize AI/MCP security controls and mobile security, and implement CIAM security best practices. This is a hands-on role that balances technical testing, engineering collaboration, and program-level activities.
Key responsibilities
• Conduct and coordinate technical penetration tests (black-box, grey-box, white-box) against web, API, cloud, and mobile applications; produce high-quality findings and remediation guidance.
• Lead/participate in Global DAS pentest initiatives and manage external pentest vendors when required.
• Lead/Design and implement mobile application security assessments (iOS/Android) including static (SAST), dynamic (DAST), and binary analysis.
• Develop and operationalize AI/ML security assessments and controls: model threat modeling, data poisoning/evasion testing, privacy and model governance checks, secure deployment patterns, and monitoring strategies.
• Design, assess, and harden CIAM implementations: threat modeling and security assessments for OAuth2/OIDC flows, token handling, session management, secure authorization patterns, and integration with providers such as Okta and Auth0.
• Support the ISO27001 ISMS platform implementation: mapping controls, configuring workflows, populating evidence, and integrating security tools into the platform.
• Provide audit support for internal and external audits (ISO27001, SOC2, etc.), including evidence collection, control testing, and remediation tracking.
• Triage, validate, and prioritize security issues with product and engineering teams; provide clear remediation action plans and risk-based prioritization.
• Create repeatable testing playbooks, threat models, secure design checklists, and automated test harnesses.
• Mentor security champions and evangelize product security best practices across engineering/product teams.
• Keep current with emerging threats, tools, and industry standards in mobile, cloud, and AI security.
This position will pay between 60-70 LPA.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to [email protected]. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Skills and Requirements
• 10+ years (Specialist) of hands-on product security experience including penetration testing and app security.
• Mobile Security: 4–5 years of hands-on experience with mobile app security (iOS/Android), including static/dynamic analysis and binary assessment.
• AI/ML Security: 3–4 years of practical experience in AI/ML security, including threat modeling, adversarial testing, secure deployment, and MLOps security.
• IT Access Management & Implementation: Proven experience with CIAM, identity protocols (OAuth 2.0, OpenID Connect), token lifecycle, PKI setup, and session management.
• Okta: Experience integrating and securing Okta or similar identity providers (configuration hardening, SSO flows, rule-based policies).
• Hands-On Engineering: Strong technical skills in penetration testing, vulnerability assessment, and remediation guidance.
• Certifications: OSCP, OSWE, OSEP, GWAPT, CISSP, CEH, CREST, or relevant mobile/AI security certifications.
• DevOps & Cloud: Experience with DevOps practices, cloud platforms (AWS/Azure/GCP), container orchestration, and security automation (CI/CD, IaC scanning, SCA/SAST pipelines).
• Audit & Compliance: Experience supporting ISO27001, SOC2, or similar audit frameworks and ISMS platforms.