Acko

Senior Security Engineer

  • Posted 8 days ago

Job Description

Role Overview

We are looking for a skilled and driven Senior Security Engineer to join our growing security team. This role requires a hands-on professional who can evaluate and strengthen the security posture of our applications and infrastructure across Web, Android, iOS, APIs, and cloud-native environments. The ideal candidate will also lead technical triage from our bug bounty program, integrate security into the DevOps lifecycle, and contribute to building a security-first engineering culture.

Key Responsibilities

  • Perform security reviews, vulnerability assessments, and penetration testing for Web, Android, iOS, and API endpoints
  • Perform threat modelling to anticipate potential attack vectors and improve security architecture on complex or cross-functional components
  • Identify and remediate OWASP Top 10 and mobile-specific vulnerabilities
  • Conduct secure code reviews and red team assessments
  • Integrate SAST, DAST, SCA, and secret scanning tools into CI/CD pipelines
  • Automate security checks using tools like SonarQube, Snyk, Trivy, etc.
  • Maintain and manage vulnerability scanning infrastructure
  • Perform security assessments of AWS, Azure, and GCP environments, with an emphasis on container security, particularly for Docker and Kubernetes
  • Implement guardrails for IAM, network segmentation, encryption, and cloud monitoring
  • Contribute to infrastructure hardening for containers, Kubernetes, and virtual machines
  • Triage bug bounty reports and coordinate remediation with engineering teams
  • Act as the primary responder for external security disclosures
  • Maintain documentation and metrics related to bug bounty and penetration testing activities
  • Collaborate with developers and architects to ensure secure design decisions
  • Lead security design reviews for new features and products
  • Provide actionable risk assessments and mitigation plans to stakeholders

Required Skills & Experience

  • 5 to 8 years of solid hands-on experience in the VAPT domain
  • Solid understanding of Web, Android, and iOS application security
  • Experience with DevSecOps tools and integrating security into CI/CD
  • Strong knowledge of cloud platforms (AWS/GCP/Azure) and their security models
  • Familiarity with bug bounty programs and responsible disclosure practices
  • Familiarity with tools like Burp Suite, MobSF, OWASP ZAP, Terraform, Checkov, etc.
  • Good knowledge of API security
  • Scripting experience (Python, Bash, or similar) for automation tasks

Preferred Qualifications

  • OSCP, CEH, AWS Security Specialty, or similar certifications
  • Experience working in a regulated environment (e.g., FinTech, InsurTech)

Job ID: 142642665