Tajinder Singh

Profile

Product security leader with 12+ years of experience in application security, DevSecOps, and secure SDLC implementation. Currently focused on AI/ML security — securing LLM-powered applications, building guardrails for generative AI systems, and defining governance frameworks for responsible AI deployment. Expert in building and scaling security programs across global platforms. Proven track record leading cross-functional teams, driving shift-left security initiatives, and embedding security governance from design through deployment.

Experience

Global Fashion Group

Berlin, Germany

Head of Product Security

Jun 2023 - Feb 2026

  • Defined and executed a global product security strategy aligned with business objectives, significantly reducing critical vulnerabilities across all regional platforms.
  • Established a Security Champions program across engineering teams, driving measurable reduction of critical issues.
  • Led security governance initiatives including regular threat landscape reporting and security posture updates to C-suite and senior leadership.
  • Designed and maintained an enterprise security awareness program using phishing simulation platforms, fostering a culture of security across the organization.
  • Directed evaluation and PoC initiatives for DevSecOps tooling — SCA, SAST, DAST, zero trust network access, and container security.
  • Spearheaded AI security initiatives — developed threat models for LLM-integrated features, established prompt injection testing frameworks, and defined security guardrails for generative AI deployments.
  • Led AI security exercises to identify adversarial attack vectors in ML pipelines, including data poisoning, model evasion, and insecure model serialization risks.
  • Authored internal AI security guidelines aligned with OWASP Top 10 for LLM Applications.
  • Oversaw vulnerability remediation programs leveraging vulnerability scanning and EDR platforms.
  • AI/ML Security
  • DevSecOps
  • Threat Modeling
  • Security Strategy
  • SAST
  • DAST
  • SCA

Senior Security Engineer

Nov 2019 - Jun 2023

  • Led implementation of a secure development lifecycle, substantially improving time-to-fix and embedding security best practices from design to deployment.
  • Deployed continuous monitoring and application security tooling across the full application portfolio.
  • Integrated SAST, DAST, and SCA into CI/CD pipelines, enabling shift-left security.
  • Implemented WAF rules and ingested logs into SIEM, ensuring robust protection and real-time threat visibility.
  • Conducted threat modeling sessions and secure architecture reviews for product teams.
  • Presented regular security metrics, vulnerability trends, and remediation progress to senior leadership.
  • SAST
  • DAST
  • SCA
  • WAF
  • SIEM
  • CI/CD
  • Threat Modeling

PayTM

Noida, India

Senior Security Engineer

Aug 2016 - Sep 2019

  • Significantly reduced API vulnerabilities through automated API security testing tools and secure coding practices.
  • Designed secure authentication framework, substantially decreasing account compromise incidents.
  • Conducted regular red team exercises, uncovering and mitigating critical security gaps across payment infrastructure.
  • Integrated static and dynamic code analysis into CI/CD pipelines.
  • Implemented secure payment protocols in collaboration with product teams, strengthening fraud prevention.
  • Established secure SDLC process across engineering teams.
  • API Security
  • Red Teaming
  • Secure SDLC
  • CI/CD
  • Payment Security

Freshworks

Chennai, India

Security Engineer

Feb 2015 - Aug 2016

  • Performed security assessments on SaaS platform, identifying and prioritizing vulnerabilities for remediation.
  • Contributed to secure development practices and security awareness initiatives for engineering teams.
  • SaaS Security
  • Vulnerability Assessment
  • Security Awareness

NT Global

Kigali, Rwanda

Cyber Security Trainer

Jul 2014 - Oct 2014

  • Delivered cybersecurity training and awareness programs to enterprise clients across East Africa.
  • Designed and conducted hands-on security workshops covering threat identification and defensive strategies.
  • Security Training
  • Workshops

Education

Master's in Computer Science

2012 - 2014

Lovely Professional University, Jalandhar, India

  • Coursework in Advanced Cryptography, Network Security, Intrusion Detection Systems, and Digital Forensics
  • Graduated with Honors (GPA: 8.35/9.0)
  • Thesis: Android Apps Forensics — mobile data extraction and decryption using open-source tools

Bachelor's in Computer Science

2008 - 2012

Lovely Professional University, Jalandhar, India

  • Coursework in Operating Systems, Computer Networks, Data Structures, Cryptography, and Web Application Security
  • Delivered cybersecurity seminars at 14 universities across India
  • Participated in DEFCON, NCDRC, and HATCON conferences

Skills

    • Security
    • Application Security
    • AI/ML Security
    • Threat Modeling
    • Red Teaming
    • Penetration Testing
    • Incident Response
      Tools & Platforms
    • SAST / DAST / SCA
    • WAF
    • SIEM
    • EDR
    • Docker
    • AWS
      Development
    • CI/CD Security
    • Secure SDLC
    • API Security
    • Cloud Security
    • Zero Trust
      Frameworks
    • OWASP Top 10
    • OWASP LLM Top 10
    • NIST
    • ISO 27001

Languages

  • English
    Fluent
  • Hindi
    Native
  • Punjabi
    Native
  • German
    Basic

Recognitions

  • Bug Bounty Recognition — Google Vulnerability Rewards Program (VRP), 2023
  • Cyber101x, Cyberwar, and Security — University of Adelaide / edX, 2022
  • Certified Ethical Hacker (C|EH) — EC-Council, 2010

Interests

  • Cybersecurity
  • AI/ML Security
  • Open Source
  • CTF Competitions