Lead Product Security Engineer at Couchbaseinc

Couchbase, the operational data platform for AI, empowers businesses to succeed by bringing data to life in new ways. Major market-leading companies rely on Couchbase for mission critical operational, analytical, mobile and AI workloads. Built to replace legacy infrastructure and fragmented data services, Couchbase empowers enterprises with a unified platform architected for performance, flexibility and global scale. With Couchbase, organizations bring their data to life, launching game‑changing customer experiences, exploring the limitless potential of AI, and seamlessly extending applications from the cloud to the edge and beyond. Couchbase’s AI‑ready technology and enterprise partnership model eliminate complexity and reduce total cost of ownership, enabling teams to stay agile, innovative and secure. Couchbase believes data should never slow you down, but act as the foundation for your next breakthrough. Discover why Couchbase is trusted to help the world’s biggest players scale, move fast and stay resilient, no matter what’s next on their roadmap. Visit couchbase.com and follow us on LinkedIn and X. Want to be part of our story? Apply today! Lead Product Security Engineer Couchbase — Bangalore, India | Information Security | Full-Time About Couchbase As industries race to embrace AI, traditional database solutions fall short of rising demands for versatility, performance, and affordability. Couchbase is leading the way with Capella, the developer data platform for critical applications in our AI world. By uniting transactional, analytical, mobile, and AI workloads into a seamless, fully managed solution, Couchbase empowers developers and enterprises to build and scale applications with unmatched flexibility, performance, and cost-efficiency—from cloud to edge. Trusted by over 30% of the Fortune 100, Couchbase is unlocking innovation, accelerating AI transformation, and redefining customer experiences. Come join our mission. The Role We are seeking a driven and versatile Senior Security Engineer / Analyst to join Couchbase's global Information Security team as our first security hire in Bangalore. This is a unique opportunity to be foundational to Couchbase's 24x7 security coverage and grow alongside a world-class security organization. You will be a broad contributor—supporting and partnering our Security Operations, GRC, Product and Application Security teams. Working closely with Engineering, Cloud, and GTM functions, you'll gain hands-on exposure across the full security lifecycle. This role is ideal for someone who thrives across disciplines, moves between strategic and tactical work with ease, and wants to help build something meaningful from the ground up. As Couchbase's security presence in Bangalore grows, you will be instrumental in expanding timezone coverage for security monitoring, incident response, and compliance operations—serving as a key link in our global, follow-the-sun security model. Key Responsibilities Security Operations • Lead and own the timezone-extended coverage for security monitoring, alert triage, and initial incident response as the primary regional point of contact for the global security model. • Drive day-to-day security operations including threat detection, monitoring, and escalation using SIEM and other security tooling. • Assist with vulnerability management workflows—identification, prioritization, and tracking remediation in collaboration with engineering and cloud teams. • Contribute to the review and improvement of existing security processes and tooling, including SIEM, DLP, endpoint security, email security, and vulnerability management platforms. • Support security incident response planning and execution, interfacing with Engineering, Cloud, and SOC teams during active incidents. • Help maintain and improve business continuity and disaster recovery documentation and runbooks. Governance, Risk & Compliance (GRC) • Contribute to GRC activities by focusing on audit evidence collection, documentation, and the continuous improvement of policies/standards under GRC team guidance. • Assist with compliance initiatives including SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, CCPA, and other relevant frameworks. • Help track and document security risks, control exceptions, and remediation plans across the enterprise. • Contribute to audit evidence collection and documentation to support external assessments and certifications. • Support privacy-by-design efforts, including data privacy assessments and alignment with evolving global data regulations. • Assist in building governance frameworks for AI/ML workloads and data pipelines, ensuring responsible and compliant adoption of AI technologies. Product & Application Security • Provide support for Product/AppSec enablement efforts by assisting with the integration of application security tooling (SAST, DAST, SCA) into CI/CD pipelines. • Partner with Product Security engineers in conducting security architecture reviews and threat modeling for Couchbase's Capella cloud platform and database products. • Support the execution of static and dynamic code scan reviews and assist with triaging and tracking findings. • Contribute to the management of Couchbase's bug bounty program, including triage, validation, and researcher communication. • Assist with the planning and coordination of application penetration tests and tracking remediation of findings within defined SLAs. • Help engineering teams understand and apply secure coding principles, including OWASP Top 10 and OWASP SAMM. • Assist in completing security sections of RFP questionnaires and customer security reviews. Cross-Functional Collaboration • Build strong working relationships with Engineering, Product, Cloud, Legal, and Compliance teams to support security initiatives across the organization. • Work with customers as needed to explain security policies or address product-related security questions. • Champion a "security is everyone's job" mindset and help embed security into Couchbase's engineering-driven culture. • Contribute to security metrics and reporting to help track maturity and drive continuous improvement. Qualifications Required • 6–9 years of hands-on experience in information security spanning two or more domains: GRC, product/application security, or security operations. • Working knowledge of major compliance frameworks (SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, CCPA). • Familiarity with application security principles including OWASP Top 10, threat modeling, SAST/DAST tooling, and secure SDLC practices. • Practical experience with public cloud security on at least one of AWS, Azure, or GCP. • Experience with security tooling such as SIEM (Splunk, Rapid7, AlienVault), endpoint security (SentinelOne, CrowdStrike), or DLP platforms (Netskope, Proofpoint). • Strong written and verbal communication skills with the ability to collaborate effectively across engineering, product, and business teams. • Growth mindset, intellectual curiosity, and a genuine desire to broaden expertise across multiple security disciplines. Nice to Have • Experience with bug bounty program management, penetration test coordination, or vulnerability management. • Familiarity with CNAPP tools (Wiz, Sysdig, Prisma Cloud) or cloud-native security tooling. • Understanding of IAM, key management, encryption, and network security fundamentals. • Experience with MDM tools (Kandji, Jamf, WorkspaceOne) and automating workflows/processes. • Hands-on experience working within a GRC function on audits, risk assessments, or policy management. • Exposure to AI/ML security considerations or data governance in a cloud environment. • Industry certifications such as Security+, CISSP, CISM, CEH, or equivalent. • Bachelor's degree in Computer Science, Information Security, or a related field. Why This Role This is a rare chance to join a lean, high-caliber security team at a pivotal moment—both for Couchbase and for the Bangalore office. You won't be siloed. You'll work across GRC, product security, AppSec, and SecOps, learning from specialists in each domain while contributing meaningfully from day one. As the team grows, so will your scope and influence. Couchbase is trusted by over 30% of the Fortune 100 to power mission-critical applications. Security isn't an afterthought here—it's foundational to everything we build. At Couchbase, we believe innovation thrives when diverse perspectives are at the table. We actively encourage applications from individuals of all backgrounds—including women, people of color, LGTBQIA+ professionals, veterans, and individuals with disabilities. If you see a role that excites you, but don’t meet every qualification, we still encourage you to apply. Studies show underrepresented talent is less likely to apply unless they meet all the criteria. We encourage you to apply if you’re excited about the role and can bring strong contributions to our team. If you require reasonable accommodations during the recruitment process, please let your recruiter know—we’re happy to support you. We value diverse educational and career backgrounds. If your experience aligns with the role’s goals—even if it doesn’t follow a traditional path—we’d love to hear from you. Why Couchbase? Modern customer experiences need a flexible cloud database platform that can power applications spanning from cloud to edge and everything in between. Couchbase’s mission is to simplify how developers and architects develop, deploy and consume modern applications wherever they are. We have reimagined the database with our fast, flexible and affordable cloud database platform Capella, allowing organizations to quickly build applications that deliver premium experiences to their customers– all with best-in-class price performance. More than 30% of the Fortune 100 trust Couchbase to power their modern applications and build innovative new ones. See our recent awards to learn why Couchbase is a great place to work.We are honored to be a part of the Best Places to Work Award for the Bay Area and the UK. Couchbase offers a total rewards approach to benefits that recognizes the value you create here, so that you in turn may best serve yourself and your family. Some benefits include: • Generous Time Off Program - Flexibility to care for you and your family • Wellness Benefits - A variety of world class medical plans to choose from, along with dental, vision, life insurance, and employee assistance programs* • Financial Planning - Retirement program* and Business Travel Insurance • Career Growth - Be valued, Create value approach • Fun Perks - An ergonomic and comfortable in-office / WFH setup. Food & Snacks for in-office employees. • And much more! *Note: some programs are not applicable to all countries. Please discuss with a Couchbase recruiter to learn more. Learn more about Couchbase: News and Press Releases Couchbase Capella Couchbase Blog Investors Disclaimer: Couchbase is committed to being an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Join an impact initiative group and experience the amazing feeling of Couchbase can-do culture. By using this website and submitting your information, you acknowledge our Candidate Privacy Notice and understand your personal information may be processed in accordance with our Candidate Privacy Notice following guidelines in your country of application.