Product Security Engineer

About DevRev

At DevRev, we’re building the future of work with Computer – your AI teammate. Computer is not just another tool. It’s built on the belief that the future of work should be about genuine human connection and collaboration – not piling on more apps. Computer is the best kind of teammate: it amplifies your strengths, takes repetition and frustration out of your day, and gives you more time and energy to do your best work.

How? Easy: it’s the only platform capable of…

Complete data unification

Most AI products focus on either structured data (like CRM records and support tickets), or unstructured data (like documents and emails). Computer AirSync connects everything, unifying all your data sources (like Google Workspace, Jira, Notion) into one AI-ready source of truth: Computer Memory.

Powerful search, reasoning, and action

Once connected to all your tools and apps, Computer is embedded in your full business context. It can find and summarize, sure. Even more impressive: it offers employees insights, strategic and proactive suggestions, plus powerful agentic actions.

Extensions for your teams and customers

Computer doesn’t make you choose between new software and old. Its AI-native platform lets you extend existing tools with sophisticated apps and agents. So your teams – and your customers – can take action, seamlessly. These agents work alongside you: updating workflows, coordinating across teams, and syncing back to your systems.

This isn’t just software. Computer brings people back together, breaking down silos and ushering in the future of teamwork, through human-AI collaboration. Stop managing software. Stop wasting time. Start solving bigger problems, building better products, and making your customers happier.

We call this Team Intelligence. It’s why DevRev exists.

Trusted by global companies across multiple industries, DevRev is backed by Khosla Ventures and Mayfield, with $150M+ raised. We are 650+ people, across eight global offices.

About The Role

We’re a growing SaaS startup building our security team from the ground up. We’re looking for a hands-on Product Security Engineer who enjoys breaking things (responsibly) and helping teams fix them fast.

This role is very practical and impact-driven. You’ll be embedded close to the product and engineering teams, proactively attacking our own systems before anyone else does. If you like moving fast, owning problems end-to-end, and thinking like a real attacker, this role is for you.

What You'll Do

• Actively test our SaaS product for security vulnerabilities across web apps, APIs, and cloud infrastructure.
• Perform manual security testing and targeted penetration tests (beyond automated scanners).
• Implement and help implement automated security test suites.
• Identify abuse cases, business logic flaws, and real-world attack paths.
• Work directly with engineers to reproduce issues and drive fixes.
• Help introduce lightweight security practices into the development process (threat modeling, secure design reviews).
• Validate fixes and ensure issues are fully resolved.
• Stay current on new vulnerabilities, attack techniques, and SaaS-relevant threats.

What You'll Bring

• 3–6 years of experience in application security, offensive security, or penetration testing.
• Strong understanding of web and API security (OWASP Top 10, auth, sessions, access control). Experience testing modern SaaS products.
• Comfort working in cloud environments (AWS / GCP / Azure at a practical level).
• Experience with common security testing tools (Burp Suite, Nuclei, etc.).
• Ability to communicate findings clearly and pragmatically to engineers.
• Self-starter mindset — comfortable operating with limited process and high ownership.

Preferred, But Not Required

• Startup experience or early-stage product exposure.
• Bug bounty or responsible disclosure experience.
• Secure code review experience (any major language).
• Familiarity with CI/CD and modern SDLC security.
• Offensive security certifications (OSCP, GWAPT, etc.).

Culture

The foundation of DevRev is its culture -- our commitment to those who are hungry, humble, honest, and who act with heart. Our vision is to help build the earth’s most customer-centric companies. Our mission is to leverage design, data engineering, and machine intelligence to empower engineers to embrace their customers.

That is DevRev!

Key skills/competency

• Application Security
• Offensive Security
• Penetration Testing
• Web Security
• API Security
• Cloud Security (AWS/GCP/Azure)
• Threat Modeling
• Secure SDLC
• Vulnerability Management
• Burp Suite