HCLTech
Product Security Engineer
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About HCLTech
HCLTech, formerly known as HCL Technologies, is a prominent Indian multinational IT services and consulting company founded in 1976. Initially focused on hardware, it developed one of India's first microcomputers in 1978 and later transitioned to software services in the early 1990s. With over 224,000 employees across 60 countries, HCLTech offers a wide range of technology services and products aimed at digital transformation, engineering, cloud solutions, AI, cybersecurity, and software development. The company provides various services, including application development, infrastructure management, and digital transformation consulting. It also specializes in engineering and R&D services, cloud solutions, and business advisory through HCL Business Consulting. HCLTech has expanded its capabilities through strategic acquisitions, including IBM's software products division, enhancing its offerings in digital experience, automation, and security. Serving diverse industries such as banking, healthcare, and telecommunications, HCLTech focuses on enabling enterprises to innovate and modernize through advanced technology solutions.
Security at HCLTech
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
“Stated AppSec mission: "automates security, unifies risk assessments and improves compliance"– HCLTech whitepaper (Whitepaper) . Developer enablement / working with developers: "orchestrates security workflows with developers to remediate issues efficiently at scale."– HCLTech blog . Risk philosophy: "risk-based prioritization"/ "risk-based scoring"(multiple references) – HCLTech blog . Stated pain points / goals (verbatim): "contextless noise and duplications"; "Lack of team coordination"; "Automated vulnerability management"– HCLTech blog and brochure (E-004, E-005). Gaps: No public, verbatim statement found describing a formal AppSec charter or a single-line mission from an HCLTech AppSec leader beyond product/offering descriptions. Information not publicly available.”
Key Initiatives
Security Champions Program: No public evidence of a named HCLTech "Security Champions"program found. Status: No Evidence Found. Information not publicly available. "Shift Left"in practice: "Shift left security"/ "integrate ASPM into development pipelines"/ "DecSecOps automation: Security testing Integrating with the build environment"– HCLTech blog and brochure (E-003, E-005). Vulnerability Management Process (intake, triage, remediation): "aggregate findings from SAST, DAST, penetration testing"; "vulnerability governance to track remediation progress"; "Automated vulnerability management"– HCLTech blog / ASPM content (E-003, E-002). Secure SDLC artifacts: "Secure Coding Checklist"; "Threat Modelling"; "Establishing Design Requirements"– application security brochure . Recent initiatives (Last 6 months, since): Public evidence of partnerships and platform emphasis in late 2025: "HCLTech and Zscaler Expand Partnership for AI-powered Security"(HCLTech cybersecurity services page, scraped) . Note: ASPM productization and ArmorCode partnership were published earlier in 2025 (ASPM whitepaper and blog) (E-001, E-002). If more granular internal program rollouts are required, Information not publicly available. Gaps & Contradictions: No explicit public SLAs (MTTR, ticket ownership, Jira assignment) or formal remediation SLAs found. Information not publicly available.
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.