arun kumar
@arunkumar29
Staff product security engineer securing SaaS, distributed backends, and cloud-native systems with SDLC-first AppSec.
What I'm looking for
I’m a product security engineer with 12+ years securing SaaS platforms, distributed backend services, and cloud-native systems on AWS. I work directly inside engineering teams across the full SDLC—threat modeling and architecture review through hands-on remediation—so risk gets closed, not just reported.
At Revenera (part of Flexera), I own product security across multiple engineering teams and product lines. I set security policies and review practices that ship alongside the product, run ISO 27001-aligned governance with evidence coordination and risk treatment tracking, and deliver executive-facing updates on priorities, risks, and progress.
I’m comfortable triaging customer-reported security concerns and coordinating fixes across the right product teams. I also manage external security posture using BitSight and SecurityScorecard, and validate remediation safely with SRE and service owners—focusing on configuration hygiene, patch cadence, certificate management, and web security posture.
My current focus is securing AI and agentic systems and embedding application security into fast-moving product teams without slowing delivery down. Earlier roles strengthened my threat modeling and VAPT leadership, plus DevSecOps tool evaluations and integrations (SAST/DAST/SCA and CI/CD security), so security controls connect cleanly to engineering execution.
Experience
Work history, roles, and key accomplishments
Owned product security across multiple engineering teams by defining security policies and review practices integrated into delivery. Led ISO 27001-aligned security governance, coordinated remediation across teams, and reported security priorities and risk progress to executives.
Software Engineering Senior Analyst
Umlaut Ltd
Sep 2022 - Jun 2023 (9 months)
Led a team performing VAPT across internal and client applications. Established threat modeling and risk assessment practices for automotive clients and translated findings into risk-informed security controls.
Software Engineering Senior Analyst
Umlaut Ltd
Sep 2020 - Aug 2022 (1 year 11 months)
Owned VAPT delivery across multiple client and stakeholder applications and provided weekly/monthly security dashboards for management. Built threat modeling process and tooling, advised stakeholders on remediation, and authored RFPs for IT/OT security projects.
Ran VAPT across Infosys and public-facing applications with deep OWASP coverage across web, mobile, and cloud environments (AWS/Azure). Evaluated and deployed application security tooling on-prem with project plans and SLAs, and integrated security testing into DevSecOps and vulnerability management workflows.
Associate, Application Security
Dec 2013 - Nov 2017 (3 years 11 months)
Performed periodic web application VAPT and OWASP Top 10 testing, including authentication and authorization checks on logs flagged by CDC. Conducted asset and network discovery using Qualys and Nessus and prioritized remediation with operational teams using risk ratings.
Education
Degrees, certifications, and relevant coursework
MEPCO Schlenk Engineering College
Bachelor of Engineering, Electrical and Electronics Engineering
2009 - 2013
Bachelor of Engineering in Electrical and Electronics Engineering from MEPCO Schlenk Engineering College (2009–2013).
