
Role - Security Engineer
Experience - 3-6 yrs
Location - Bangalore
Required Skills & Experience:
3 to 6 years of solid hands-on experience in the VAPT domain
Solid understanding of Web, Android, and iOS application security
Experience with DevSecOps tools and integrating security into CI/CD
Strong knowledge of cloud platforms (AWS/GCP/Azure) and their security models
Familiarity with bug bounty programs and responsible disclosure practices
Familiarity with tools like Burp Suite, MobSF, OWASP ZAP, Terraform, Checkov, etc.
Good knowledge of API security
Scripting experience (Python, Bash, or similar) for automation tasks
Preferred Qualifications:
OSCP, CEH, AWS Security Specialty, or similar certifications
Experience working in a regulated environment (e.g., FinTech, InsurTech)
Responsibilities:
Perform Security reviews, Vulnerability Assessments & Penetration Testing for Web, Android, iOS, and API endpoints
Perform threat modelling, anticipate potential attack vectors, and improve security architecture on complex or cross-functional components
Identify and remediate OWASP Top 10 and mobile-specific vulnerabilities
Conduct secure code reviews and red team assessments
Integrate SAST, DAST, SCA, and secret scanning tools into CI/CD pipelines
Automate security checks using tools like SonarQube, Snyk, Trivy, etc.
Maintain and manage vulnerability scanning infrastructure
Perform security assessments of AWS, Azure, and GCP environments, with an emphasis on container security, particularly for Docker and Kubernetes.
Implement guardrails for IAM, network segmentation, encryption, and cloud monitoring
Contribute to infrastructure hardening for containers, Kubernetes, and virtual machines
Triage bug bounty reports and coordinate remediation with engineering teams
Act as the primary responder for external security disclosures
Maintain documentation and metrics related to bug bounty and penetration testing activities
Collaborate with developers and architects to ensure secure design decisions
Lead security design reviews for new features and products
Provide actionable risk assessments and mitigation plans to stakeholders
Job ID: 144149741