AppSec Jobs

OneTrust

Product Security Analyst

Bengaluru, Karnataka, India


The complete job description, requirements, and application details are available on the original posting.


About OneTrust

OneTrust is a technology company based in Atlanta, Georgia, founded in 2016 by Kabir Barday. The company specializes in software solutions that assist organizations in managing privacy, security, data governance, and responsible AI compliance. Initially focused on global privacy regulations like GDPR and CCPA, OneTrust has expanded its offerings to include third-party risk management, ethics, whistleblowing, and environmental, social, and governance (ESG) tracking. As a software-as-a-service (SaaS) provider, OneTrust delivers an integrated platform designed to simplify compliance and risk management processes. Its product suite features tools for privacy management, data discovery, security assurance, AI governance, and carbon footprint tracking. OneTrust has grown through strategic acquisitions, enhancing its capabilities and market reach. The company serves over 14,000 organizations globally, including 75% of the Fortune 100 and half of the Fortune Global 500, highlighting its leadership in privacy and compliance technology.

Industry

information technology & services

Employees

2,300

583 engineers

Revenue

$500M


Security at OneTrust

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • OneTrust's application security philosophy includes maintaining a documented vulnerability management program and utilizing the OWASP Top Ten as a web application vulnerability framework.
  • They emphasize integrating security into development by requiring secure coding training for developers and mandatory code review before merging, preventing unreviewed code from reaching production.
  • The company also acknowledges that "Security is often siloed" and aims for "establishing a trust-based cybersecurity program".

Security Team

OneTrust operates an internal Application Security Team. However, information regarding the team's explicit organizational chart placement, reporting lines (e.g., to CISO or CTO), public-facing leaders, or definitive team size estimates is not publicly available.

Key Initiatives

OneTrust's AppSec initiatives include internal application security teams performing rotating penetration testing, annual external third-party penetration testing, and attack surface monitoring. They maintain a documented vulnerability management program with automated vulnerability scanning at a regular cadence. Security is integrated into the SDLC through mandatory developer secure coding training, code review before merge, and the use of DAST, SAST, and SCA by product security roles. Furthermore, OneTrust's tech-risk strategies involve automating evidence collection, maintaining an evergreen asset inventory, and automating vulnerability assessment workflows for third parties. Specific details on public SLAs, MTTR targets, or ticketing workflows for vulnerability triage and remediation are not publicly available.
