Ushur

InfoSec Engineer

Job Description

We are looking for a proactive InfoSec Engineer to strengthen the security of Ushur's SaaS platform, AI-powered applications, and cloud infrastructure. Ushur serves customers in regulated industries, where every security vulnerability carries direct regulatory and customer-trust consequences. The role sits within the InfoSec & GRC team and partners closely with engineering, product, IT and compliance counterparts. Day-to-day work spans application and AI security testing, cloud and edge defences, DevSecOps integration, and audit and compliance support.

Responsibilities

Application, Product & AI Security

  • Conduct security testing for monthly releases, covering OWASP Top 10 risks for web applications, APIs, and AI-powered features.
  • Perform security testing of AI and LLM-driven product features — including prompt injection (direct and indirect), insecure output handling, retrieval-augmented generation (RAG) risks, and abuse of agentic tool calls.
  • Validate input/output guardrails, content safety filters, and PII/PHI detection controls applied to AI components.
  • Verify tenant isolation across multi-tenant boundaries — IAM scoping, network segmentation, data segregation, and AI context separation.

Cloud & Edge Security

  • Administer and tune AWS security controls including Security Hub, GuardDuty, and IAM policies.
  • Operate and tune the Web Application Firewall (WAF), including Akamai WAF and AI-focused edge protections where deployed.
  • Triage, prioritise, and drive remediation of cloud posture and runtime alerts from CSPM/CNAPP tooling.

Vulnerability Management & DevSecOps

  • Run and tune SAST, SCA, container, and IaC scanning tools (such as Snyk) across the SDLC; monitor for CVEs, end-of-life components, and open-source licence compliance.
  • Integrate security controls and automated checks into CI/CD pipelines and Kubernetes environments (Jenkins, GitHub Actions, Helm).
  • Build Python-based automation for repetitive testing, evidence collection, and policy enforcement.

Compliance, Audit & Incident Response

  • Generate, maintain, and present audit evidence in support of Ushur's compliance programmes (SOC 2, HITRUST, HIPAA, ISO, and AI-management standards).
  • Support customer security reviews, customer audits, vendor and sub-processor assessments, and security questionnaires — coordinated by the InfoSec & GRC team.
  • Scope and triage external penetration tests; validate remediations and close findings with auditor-ready evidence.
  • Participate in incident response — detection tuning, runbook upkeep, tabletop exercises, and post-incident reviews.

Collaboration & Advocacy

  • Translate complex security and AI-security issues into clear, actionable guidance for engineering, product, and non-technical teams.
  • Partner with developers on remediation; help build a security-conscious engineering culture.

Qualifications

Required Skills and Experience

  • 3–5 years in a security engineering, application security, AI security, or penetration testing role.
  • Hands-on experience with VAPT, vulnerability patching, and OWASP Top 10 (web and API).
  • Working knowledge of AI/LLM security risks, including OWASP Top 10 for LLMs and emerging agentic AI threats; conceptual understanding of guardrails, content safety, and prompt-injection defences.
  • Proficiency in AWS security services, with familiarity in Kubernetes, CI/CD pipelines (Jenkins, GitHub Actions), and container security.
  • Practical experience with SAST, SCA, container, and IaC scanning tools, and with WAF platforms.
  • Operational exposure to at least one compliance programme (SOC 2, HITRUST, HIPAA, ISO 27001, or equivalent), including evidence collection and audit support.
  • Strong scripting ability in Python, and comfort with Linux-based environments.
  • Excellent communication, documentation, and presentation skills.

Preferred Qualifications

  • Certifications such as OSCP, AWS Security Specialty, CCSP, GIAC cloud or AI-security credentials, or equivalent.
  • Familiarity with infrastructure as code (Terraform, Helm) and container orchestration security.
  • Experience securing AI / LLM / agentic systems in production.
  • Prior experience supporting regulated SaaS environments.

Why Join Us

Thriving Company Culture

At Ushur, we foster a values-driven culture that prioritizes respect, inclusion, and collaboration. We empower every individual to thrive, contribute innovative ideas, and make a meaningful impact in a supportive and dynamic environment.

Bring Your Whole Self to Work.

We celebrate diversity and believe that innovative ideas thrive in an inclusive environment where every team member is valued. As a dynamic start-up, we recognize that every individual makes a significant impact.

Rest and Recharge.

We encourage work-life balance with 20 days of flexible paid time off annually. Your well-being matters, and we make space for it.

Comprehensive Health Benefits.

Your health is a priority. We provide preventive health check-ups, medical insurance coverage for employees and their dependents, wellness sessions, and expert-led health talks at the office.

Invest in Your Future.

We offer competitive compensation and stock options to give you a stake in Ushur's success. You'll grow with us while contributing meaningfully to our journey.

Embrace Growth.

Growth Mindset is one of our core values – we believe in lifelong learning. Employees are encouraged to explore certification courses and professional development, with reimbursement opportunities. You'll also have access to the Ushur Community's vast learning resources.

Flexible Work Options.

We recognize the need for flexibility. Depending on your role and location, we offer an in-office or hybrid work model that supports both collaboration and personal well-being.

Job ID: 149086625
