Description
Job Location
The primary work location for this role is Trivandrum with a hybrid work model.
About Envestnet
Envestnet is an adaptive WealthTech company that is redefining the future of wealth management by helping advisors meet the moment with its comprehensive technology, actionable insights, and industry leading support. Backed by over 25 years of experience and approximately $7.0 trillion in platform assets, Envestnet is trusted by over one third of financial advisors across leading banks, wealth managers, brokerages, and RIAs.
For a deeper look at how Envestnet is shaping the future of financial advice, visit www.envestnet.com.
The Team You’ll Join
The Product Security team at Envestnet partners with engineering, DevOps, and operations teams to embed security across the software development lifecycle.
We are responsible for application security, secure coding practices, and DevSecOps automation, and we perform security architecture reviews and threat modeling to identify and mitigate risk early in the design and development phases. The team also leads emerging initiatives in AI, supporting the secure and responsible adoption of AI technologies across products.
Through close cross‑functional collaboration, we help teams deliver scalable, cloud‑native products that are secure by design, aligned with industry standards, and resilient to evolving threats—while enabling engineers to build and ship software confidently at scale.
How You’ll Contribute
As a Consultant Product Security, you will guide the organization in designing and implementing secure software development practices by collaborating with development, DevOps, and operations teams to embed security throughout every phase of the software development lifecycle (SDLC). Your responsibilities will include advising on application security scans, developing tool run books, and driving automation initiatives to enhance DevSecOps programs. You will also recommend best practices and process improvements to improve the efficiency of the overall security program. Serving as a security subject matter expert, you will mentor junior engineers and provide expert guidance in the product security program by performing comprehensive security reviews and coordinating external penetration test activities, including threat modeling and application security validation. The ideal candidate will have extensive experience consulting with software development teams, deep knowledge of security-by-design and privacy-by-design principles, and familiarity with industry standards such as NIST CSF, SSDF, and OWASP. You will also evaluate and recommend security tools and platforms based on detailed assessments of control gaps and organizational needs. Your responsibilities include:
- Define and enforce secure coding standards and best practices.
- Hands on experience to perform Threat Modeling and source code analysis across various development languages (preferably in .NET and JAVA)
- Design and implement secure CI/CD pipelines with integrated security controls.
- Automate security testing (SAST, DAST, IAST, SCA, container scanning) in the SDLC process.
- Evaluate and integrate security tools and platforms
- Lead DevSecOps program in collaboration with DevOps, Operations and Engineering teams
- Build automation focused on efficiency (E.g. increase triaging efficiency, manage false positives etc.)
- Leverage ASPM and build workflows and reports
- Evaluate and integrate security tools and platforms
- Implement Infrastructure as Code (IaC) security and cloud-native security controls.
What You’ll Need to Bring
- Overall, 8 -10 years of experience in application security, software development, or related roles.
- 6+ years of work experience in Application security, preferably in a fintech or financial services domain
- Strong understanding of web, mobile, API and cloud applications & its architectures.
- Experience of code reviewing or code contributing to Java, Java Script, .Net. C#, Python, or IaC scripting.
- Hands-on experiences running SCA, SAST, DAST, IAST, SBOM, ASPM, Apigee, WAF etc., with approaches or optimizations for the tools to efficiently enforce the enterprise S-SDLC policies.
- Deep understanding of DevSecOps practices and experience in CI/CD automation for one of the popular platforms, such as Gitlab, GitHub or Azure DevOps.
- Knowledge of cloud platforms (AWS, Azure) and container orchestration (Kubernetes, Docker).
- Perspective of supporting developer tools as a security professional (E.g. integrating security tools with IDE, PR checks etc.)
Nice-to-Haves
- Certifications such as CSSLP, OSWE, or CEH.
- Exposure to AI security initiatives is an advantage
Why You’ll Enjoy Working at Envestnet
Help shape the future of WealthTech. At Envestnet you’ll gain hands-on experience and collaborate with some of the industry’s brightest minds to deliver meaningful, innovative solutions that make a real difference.
We value flexibility in how and where work gets done, and we recognize strong performance with meaningful rewards—because your contributions should drive both business success and your own personal growth. If you’re looking for a place where your work has impact, your development is supported, and your contributions are truly valued, Envestnet is where you can build your future.
The opportunity is now!
Our Investment in You
At Envestnet, our total rewards philosophy is designed to attract, motivate, and grow exceptional talent. We offer competitive, market-aligned compensation complemented with performance-linked incentives and rewards programs that recognize and reward impact.
In addition, we provide a comprehensive suite of benefits - subject to Envestnet’s plan eligibility rules - that support your overall well-being, including medical insurance for you and your family, annual health check-ups, free online doctor consultations and telemedicine services, subsidized health club memberships, and an employee assistance program. Our investment in you means supporting you professionally, financially, and personally at every stage of your journey with us.
Our Commitment to Inclusion & Belonging
Envestnet is an Equal Employment Opportunity employer and does not discriminate in employment on the basis of religion, race, color, caste, sex, gender, gender identity or expression, pregnancy, age, disability, medical condition, nationality, ethnic origin, marital status, or any other status protected under applicable Indian law. This commitment is in accordance with the Constitution of India and applicable labor and employment laws. All employment decisions are made solely based on merit, qualifications, performance, and business needs.
We strive to provide an inclusive application and interview process. If you are a candidate with a disability and require reasonable accommodation, please contact us at [email protected]. Please include your full name, the title of the role you are applying for, and the accommodation necessary to assist you with the recruiting process.
Recruitment Fraud
At Envestnet, safeguarding the trust and safety of job seekers is a top priority. We are aware that scammers may impersonate Envestnet recruiters or create fake job opportunities to deceive candidates. Review the information on our recruitment fraud awareness page to help you recognize and avoid recruitment fraud.