Job Description
Role Overview:
The Product Security DevSecOps Engineer is a hands-on technical role responsible for ensuring the technologies that support the Secure Development Lifecycle (SDLC) are secure, correctly configured, and operating effectively at scale. This role owns the product security tooling ecosystem and secure build environment, working closely with Engineering, DevOps, and Product Security teams to embed security into CI/CD pipelines with minimal friction and maximum risk reduction.The ideal candidate is highly comfortable in developer and build environments, understands how software is built and shipped, and focuses on improving signal quality, adoption, and overall security outcomes through tooling, automation and build hardening.
This is a Hybrid position located at our Bangalore, India development center. You will be required to be on-site 2 to 3 days per week. When you are not working on-site, you will be working from your home office. We are only considering candidates within a commutable distance to our Bangalore office and are not offering relocation assistance at this time.
About the Role:
- You will own, operate and optimize the Product Security tech stack, building and maintaining security controls that integrate seamlessly across CI/CD pipelines.
- You will champion shift-left security practices across engineering teams working on microservices, mobile and thick client applications, ensuring consistent scanning, policy enforcement, and artifact integrity.
- You will drive and build pipeline hardening, ensuring CI/CD environments are securely configured, protected from supply chain and pipeline risks.
- You will collaborate with Engineering , DevOps to embed security tooling and hardened build practices into CI/CD workflows, while running hygiene and improvement campaigns such as dependency cleanup and policy adoption.
- You will build automation for scan execution, triage, ticketing, and security metrics and reporting while supporting product security incidents by rapidly assessing exposure across repositories, pipelines, and published artifacts.
About You:
- 5 –7 years of hands-on experience integrating security testing tools such as SAST (e.g., CodeQL, Checkmarx), DAST (e.g., Burp Suite), and SCA (e.g., Snyk, Dependabot) into build pipelines.
- You should have strong experience in software engineering, build or DevOps environments, including Git/GitHub, CI/CD, and artifact repositories.
- You should have hands-on experience with CI/CD tools such as GitHub Actions, Jenkins, Harness or Terraform, along with familiarity with cloud platforms like AWS, Azure or GCP.
- You should have a solid understanding of software supply chain security, secure build risks and be comfortable working directly with developers and product security teams to drive adoption and risk reduction.
- You should be a practical, clear communicator with strong automation, continuously improving mindset and a passion for enabling secure-by-default development through better tooling and hardened builds.
#LI-Hybrid
Company Overview
McAfee is a leader in personal security for consumers. Focused on protecting people, not just devices, McAfee consumer solutions adapt to users’ needs in an always online world, empowering them to live securely through integrated, intuitive solutions that protects their families and communities with the right security at the right moment.
Company Benefits and Perks:
We work hard to embrace diversity and inclusion and encourage everyone at McAfee to bring their authentic selves to work every day. We’re proud to be Great Place to Work® Certified in 10 countries, a reflection of the supportive, empowering environment we’ve built where people feel seen, valued, and energized to reach their full potential and thrive.
We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.
- Bonus Program
- Pension and Retirement Plans
- Medical, Dental and Vision Coverage
- Paid Time Off
- Paid Parental Leave
- Support for Community Involvement
We're serious about our commitment to diversity which is why McAfee prohibits discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.