About Us
Skit.ai is the pioneer Conversational AI company transforming collections with omnichannel GenAI-powered assistants. Skit.ai's Collection Orchestration Platform, the world's first solution, streamlines collection conversations by syncing channels and accounts. Skit.ai's Large Collection Model (LCM), a collection LLM, powers the strategy engine to optimize interactions, enhance customer experiences, and boost bottom lines for enterprises. Skit.ai has received several awards and recognitions, including the BIG AI Excellence Award 2024, Stevie Gold Winner 2023 for Most Innovative Company by The International Business Awards, and Disruptive Technology of the Year 2022 by CCW. Skit.ai is headquartered in New York City, NY. Visit https://skit.ai/
Job Title: Senior Security Engineer (Cloud, AI & Compliance)
Location: Bangalore (100% WFO)
Work Type: Full-time
Why this role exists
We operate a voice AI platform handling large-scale automated calls for regulated enterprises in banking and telecom. Our customers' information-security teams routinely require security evidence and assurance — SAST/DAST reports, AWS GuardDuty and container-security reports, CIS Benchmark posture for AWS and Azure, LLM guardrails documentation, and mappings to standards like the OWASP Top 10 for LLMs and MITRE ATLAS.
Today this work is handled reactively across the team. We are hiring a senior, dedicated owner for security posture, AI/LLM security, and customer security assurance — someone who keeps our evidence audit-ready, hardens our cloud and containers continuously, and is the trusted point of contact for client security reviews.
What You'll Own
Cloud security posture (AWS & Azure)
- Own threat detection and posture management across AWS and Azure — AWS GuardDuty, Security Hub, Inspector, Config; Microsoft Defender for Cloud and Azure Policy.
- Establish and maintain CIS Benchmark compliance for AWS and Azure; track drift and remediate.
- Drive IAM hygiene, network segmentation, encryption, secrets management, and least-privilege access.
Container & supply-chain security
- Own container image and runtime security — scanning with Trivy / Grype, configuration auditing with Dockle and Docker Bench, and Kubernetes hardening.
- Maintain SBOMs and dependency / vulnerability scanning across services; manage remediation SLAs.
- Integrate infrastructure-as-code scanning (e.g. Checkov, tfsec) into pipelines.
Application security
- Run and operationalize SAST and DAST (e.g. SonarQube / Semgrep / Snyk; OWASP ZAP / Burp Suite); triage findings and drive fixes.
- Embed security into the SDLC — secure coding standards, PR / security review gates, secrets detection.
- Coordinate external penetration tests and own remediation tracking.
AI / LLM security
- Own the platform's LLM guardrails — content safety (e.g. Azure OpenAI content filtering), prompt-injection defenses, output validation, and grounding controls.
- Maintain mappings to the OWASP Top 10 for LLMs and MITRE ATLAS; run AI red-teaming and close gaps.
- Define guardrail-breach detection and AI-specific monitoring, in partnership with the AI engineering team.
Compliance & customer security assurance
- Be the primary point of contact for customer (banking / telecom) security questionnaires, due diligence, and audits.
- Keep a living, audit-ready evidence library: SAST/DAST summaries, GuardDuty and container-security reports, CIS posture, guardrails documentation, pen-test summaries, SBOMs.
- Support and progress formal certifications and frameworks (e.g. ISO/IEC 27001, SOC 2, NIST AI RMF, ISO/IEC 42001) and applicable regulatory expectations (e.g. PCI-DSS where payments are in scope, data-protection requirements).
Detection, monitoring & incident response
- Mature logging, alerting, and threat detection across the stack; integrate with existing observability.
- Own and rehearse incident-response runbooks; lead investigations and post-incident reviews.
What you bring
Required
- 5+ years in security engineering, DevSecOps, cloud security, or product security, with senior ownership of security programs.
- Hands-on production security across both AWS and Azure, including native security services (GuardDuty / Security Hub / Defender for Cloud).
- Strong container and Kubernetes security — image scanning, runtime, hardening, supply-chain / SBOM.
- Application security depth — SAST/DAST, secure SDLC, secrets management, vulnerability management.
- Demonstrated experience responding to enterprise customer security reviews and audits (questionnaires, evidence packages, certification programs).
- Excellent written communication — clear security documentation for technical and non-technical audiences, including external client InfoSec teams.
Strongly Preferred
- Working knowledge of AI/LLM security — OWASP Top 10 for LLMs, MITRE ATLAS, prompt-injection and content-safety controls — or clear aptitude and intent to own this fast-evolving area.
- Experience in a regulated domain (financial services, telecom, healthcare) and with frameworks such as ISO 27001, SOC 2, NIST AI RMF, or ISO 42001.
- Familiarity with CI/CD security integration and infrastructure-as-code (Terraform).
- Relevant certifications a plus: CISSP, CCSP, AWS/Azure security specialty, CKS, OSCP.
You'll thrive here if you
- Operate independently as the dedicated owner, but partner closely with engineering and AI teams.
- Balance hands-on technical work with customer-facing assurance and documentation.
- Are pragmatic — prioritize the controls and evidence that reduce real risk and unblock customers.
Tools & technologies you'll work with
- Cloud: AWS (GuardDuty, Security Hub, Inspector, Config, IAM), Azure (Defender for Cloud, Azure Policy, Azure OpenAI content safety).
- Containers: Docker, Kubernetes, Trivy, Grype, Dockle, Docker Bench.
- AppSec: SonarQube / Semgrep / Snyk, OWASP ZAP, Burp Suite.
- Posture & IaC: CIS Benchmarks, Checkov, tfsec.
- Supply chain: Syft / CycloneDX SBOMs.
- AI security: OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF.
- Secrets: managed secret store / Vault.