Security Engineer I

About the job

About Navi

Navi is one of the fastest-growing financial services companies in India providing Personal & Home Loans, UPI, Insurance, Mutual Funds, and Gold. Navi's mission is to deliver digital-first financial products that are simple, accessible, and affordable. Drawing on our in-house AI/ML capabilities, technology, and product expertise, Navi is dedicated to building delightful customer experiences.

Founders: Sachin Bansal & Ankit Agarwal

Know what makes you a Navi_ite :

1. Perseverance, Passion and Commitment

• Passionate about Navi's mission and vision
• Demonstrates dedication, perseverance, and high ownership
• Goes above and beyond by taking on additional responsibilities

2. Obsession with high-quality results

• Consistently creates value for the customers and stakeholders through high-quality outcomes
• Ensuring excellence in all aspects of work
• Efficiently manages time, prioritizes tasks, and achieves higher standards

3. Resilience and Adaptability

• Adapts quickly to new roles, responsibilities, and changing circumstances, showing resilience and agility

Position Summary

We are seeking a proactive and technically curious Security Engineer I to join our product security team. In this role, you will be on the front lines of defending our products, focusing heavily on Vulnerability Assessment and Penetration Testing (VAPT) across our web applications, mobile apps (iOS/Android), and backend APIs. Because we believe in scaling our defenses, a major component of this role involves writing automation to streamline repetitive testing and operational tasks. This is a fantastic opportunity for an early-career engineer who loves breaking things, writing code to build custom security tools, and collaborating with development teams to fix vulnerabilities.

Key Responsibilities

• Application Penetration Testing: Conduct routine VAPT on web applications, REST/GraphQL APIs, and mobile applications (iOS and Android) to identify security flaws before they reach production.
• Security Automation: Design, write, and maintain custom scripts and automation tools (primarily in Python, or another preferred language like Go/Bash) to streamline vulnerability scanning, log parsing, and reporting workflows.
• Vulnerability Triage & Validation: Review alerts from automated security scanners (SAST/DAST), filter out false positives, and manually validate suspected vulnerabilities.
• Developer Collaboration: Work directly with software engineering teams to clearly communicate the impact of identified vulnerabilities and provide actionable remediation guidance based on the OWASP Top 10.
• Tool Maintenance: Assist in integrating, configuring, and tuning open-source and commercial security testing tools within our deployment pipelines.
• Reporting & Documentation: Draft clear, concise penetration testing reports detailing attack vectors, proofs of concept (PoCs), and mitigation strategies.

Required Qualifications

• Experience: 0–2 years of experience in application security, penetration testing, or software engineering (including strong internships, bug bounty experience, or intensive cybersecurity programs).
• VAPT Knowledge: Hands-on understanding of the OWASP Top 10 (Web and Mobile) and the ability to manually exploit common vulnerabilities (e.g., XSS, SQLi, IDOR, improper API authorization).
• Scripting & Automation: Strong proficiency in Python (or similar languages like Go, Ruby, or Bash). You should be comfortable interacting with APIs, automating tool executions, and manipulating data via code.
• Security Tooling: Familiarity with standard penetration testing tools such as Burp Suite, OWASP ZAP, Postman, Nmap, or mobile-specific tools like MobSF.
• Core Fundamentals: Solid understanding of how the web works (HTTP/HTTPS, TCP/IP, DNS), API architectures and basic mobile application structures (APKs/IPAs).

Inside Navi

We are shaping the future of financial services for a billion Indians through products that are simple, accessible, and affordable. From Personal & Home Loans to UPI, Insurance, Mutual Funds, and Gold — we're building tech-first solutions that work at scale, with a strong customer-first approach.

Founded by Sachin Bansal & Ankit Agarwal in 2018, we are one of India's fastest-growing financial services organisations. But we're just getting started!

Our Culture

The Navi DNA

Ambition. Perseverance. Self-awareness. Ownership. Integrity.

We're looking for people who dream big when it comes to innovation. At Navi, you'll be empowered with the right mechanisms to work in a dynamic team that builds and improves innovative solutions. If you're driven to deliver real value to customers, no matter the challenge, this is the place for you.

We chase excellence by uplifting each other—and that starts with every one of us.

Why You'll Thrive at Navi

At Navi, it's about how you think, build, and grow. You'll thrive here if:

• You're impact-driven

You take ownership, build boldly, and care about making a real difference.

• You strive for excellence

Good isn't good enough. You bring focus, precision, and a passion for quality.

• You embrace change

You adapt quickly, move fast, and always put the customer first.