Senior Security Engineer

At Anaplan, we are a team of innovators focused on optimizing business decision-making through our leading AI-infused scenario planning and analysis platform so our customers can outpace their competition and the market.

What unites Anaplanners across teams and geographies is our collective commitment to our customers success and to our Winning Culture.

Our customers rank among the who's who in the Fortune 50. Coca-Cola, LinkedIn, Adobe, LVMH and Bayer are just a few of the 2,400+ global companies who rely on our best-in-class platform.

Our Winning Culture is the engine that drives our teams of innovators. We champion diversity of thought and ideas, we behave like leaders regardless of title, we are committed to achieving ambitious goals, and we love celebratingour wins – big and small.

Supported by operating principles of being strategy-led, values-based and disciplined in execution, you'll be inspired, connected, developed and rewarded here. Everything that makes you unique is welcome; join us and let's build what's next - together!

Senior Offensive Security Engineer

About the Role

As a Senior Offensive Security Engineer, you will lead offensive security efforts and own Anaplan's vulnerability management programme. This is a dual-scope role: you'll drive adversarial testing to find what's broken, and you'll run the process that ensures vulnerabilities—from your own assessments, scanners, bug bounty, and third-party audits—are tracked, prioritised, and remediated at the right pace. You'll mentor the Offensive Security Engineer and serve as a technical authority across product and platform teams.

Individual Contributor Focus

• Operates independently on complex offensive engagements and vulnerability management decisions, setting scope and priority without close supervision.
• Communicates risk and remediation trade-offs to cross-functional stakeholders at the project and product-line level, influencing engineering roadmaps where security debt is material.
• Mentors the Offensive Security Engineer and security champions across engineering, but carries no direct people management responsibility.

Responsibilities

Offensive Security

• Advanced Penetration Testing & Red Teaming: Lead complex, multi-phase penetration tests and red team exercises against Anaplan's platform, cloud infrastructure, and AI-powered products. Define engagement scope, rules of engagement, and success criteria.
• Threat Modelling & Attack Path Analysis: Conduct adversarial threat modelling for new features and architectural changes, identifying realistic attack chains that inform both offensive testing and defensive controls.
• Offensive Tooling & Capability Development: Build and maintain reusable offensive tooling, automation frameworks, and testing methodologies that scale with the platform's evolution.
• Mentorship & Technical Leadership: Guide the Offensive Security Engineer on methodology, scoping, and report quality. Raise the bar on how offensive findings translate into engineering action.

Vulnerability Management

• Programme Ownership: Own the end-to-end vulnerability management lifecycle: intake from scanners, penetration tests, bug bounty, and third-party audits; triage and risk-rating; assignment to responsible teams; tracking through to verified remediation.
• Prioritisation & Risk Calibration: Apply consistent, risk-based prioritisation that accounts for exploitability, blast radius, data sensitivity, and business context—not just CVSS scores.
• Metrics & Reporting: Define and maintain vulnerability management metrics (mean time to remediate, ageing, SLA compliance) and report trends to security leadership and engineering stakeholders.
• Process Improvement: Continuously improve the vulnerability management workflow: reduce noise, improve scanner accuracy, tighten integration with CI/CD and ticketing systems, and make it easier for engineering teams to act on findings.

Cross-Cutting

• Incident Support: Support major security incident investigations with offensive expertise—reproducing attack paths, validating exposure scope, and advising on containment.
• Stakeholder Communication: Present findings, risk assessments, and programme health to engineering leads, product managers, and security leadership with clarity and appropriate urgency.

Qualifications

• Experience: 5+ years in offensive security, penetration testing, or a combination of offensive security and vulnerability management, with increasing scope and independence.
• Offensive Depth: Proven ability to find and exploit non-trivial vulnerabilities in web applications, APIs, cloud infrastructure, or enterprise SaaS platforms. Comfortable building custom exploits and tooling.
• Vulnerability Management: Experience designing or running a vulnerability management programme—triage workflows, SLA frameworks, scanner tuning, and remediation tracking—at meaningful scale.
• Cloud & Infrastructure: Strong working knowledge of at least one major cloud provider (AWS, GCP, or Azure), including cloud-native attack surfaces, IAM misconfigurations, and container/orchestration security.
• Technical Communication: Able to write penetration test reports that engineers respect, present risk trade-offs to non-security stakeholders, and influence remediation timelines without formal authority.
• Judgement: Demonstrated ability to prioritise across competing risks—balancing offensive testing coverage, vulnerability backlog, and engineering capacity without defaulting to everything is critical.

Nice to Have

• Experience testing AI/ML-powered features or pipelines for security weaknesses.
• Track record of improving vulnerability management metrics (MTTR, SLA adherence, backlog reduction) in a product or platform engineering context.
• Offensive security certifications such as OSCP, OSWE, OSCE, CRTO, or GXPN.
• Contributions to open-source offensive tooling, published vulnerability research, or conference presentations.
• Experience with supply-chain security assessment (dependency analysis, build pipeline integrity, SBOM).

Working Model

This role is on-site at our New Delhi, India office. You will report to the Senior Manager, Product Security.

Our Commitment to Diversity, Equity, Inclusion and Belonging (DEIB)

We believe attracting and retaining the best talent and fostering an inclusive culture strengthens our business. DEIB improves our workforce, enhances trust with our partners and customers, and drives business success. Build your career in a place where diversity, equity, inclusion and belonging aren't just words on paper – this is what drives our innovation, it's how we connect, and it contributes to what makes us a market leader. We believe in a hiring and working environment where all people are respected and valued, regardless of gender identity or expression, sexual orientation, religion, ethnicity, age, neurodiversity, disability status, citizenship, or any other aspect which makes people unique. We hire you for who you are, and we want you to bring your authentic self to work every day! 

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive equitable benefits and all privileges of employment. Please contact us to request accommodation.  

Fraud Recruitment Disclaimer  

It has come to our attention that fraudulent and fictitious job opportunities are being circulated on the Internet. Prospective candidates are being contacted by certain individuals, mainly through telephone calls, emails and correspondence, claiming they are representatives of Anaplan. The main purpose of these correspondences and announcements is to obtain privileged information from individuals.  

Anaplan does not:  

• Extend offers to candidates without an extensive interview process with a member of our recruitment team and a hiring manager via video or in person.   
• Send job offers via email. All offers are first extended verbally by a member of our internal recruitment team whenever possible and then followed up via written communication.  

All emails from Anaplan would come from an @anaplan.com email address. Should you have any doubts about the authenticity of an email, letter or telephone communication purportedly from, for, or on behalf of Anaplan, please send an email to [Confidential Information] before taking any further action in relation to the correspondence.