Staff Engineer

Marsh

Pune, India

7-9 Years

Save

Posted 4 hours ago
Be among the first 10 applicants

Early Applicant

Job Description

We are seeking a talented individual to join our CIS team, a Marsh business. This role will be based in Pune/Mumbai/Noida/Gurugram (any of these). This is a hybrid role that has a requirement of working at least three days a week in the office.

Staff Engineer

At Marsh, we are reimagining how secure software is built in an AI-first world.

You will design and build next-generation security infrastructure powered by LLMs, agentic systems, and advanced program analysis, enabling developers to ship secure software by default.

You will operate as a technical leader and builder, working across the full software lifecycle to create autonomous, scalable, developer-first security systems used across hundreds of applications.

What can you expect

Lead the application development within Marsh as a technical expert and mentor
Drive security excellence through hands-on code reviews, architecture guidance, and technical leadership Create and maintain security-focused boilerplate code, libraries, and frameworks for development teams
Serve as the technical bridge between security requirements and engineering implementation
Shape the security posture of applications through deep technical involvement in the development lifecycle

What You'll Do:

AI-Driven Secure Development:

Design and build LLM-powered code review systems that identify vulnerabilities, explain risks, and generate secure patches
Develop agentic security workflows integrated into CI/CD pipelines for continuous, autonomous security validation
Build AI-assisted threat modeling systems that derive attack surfaces from architecture and code
Implement semantic code analysis combining static analysis, symbolic execution, and LLM reasoning

Security Platform Engineering:

Architect and develop security libraries, frameworks, and secure-by-default boilerplates used across engineering teams
Build self-healing pipelines that detect and remediate vulnerabilities before production
Create developer-first security tooling, including IDE integrations and AI copilots for secure coding
Design security knowledge systems (RAG/graph-based) to provide context-aware guidance to developers

Architecture & Technical Leadership:

Lead security architecture reviews for distributed systems, microservices, and cloud-native platforms
Perform advanced threat modeling and security design for new and existing applications
Influence system design to ensure security is embedded at the architectural level
Act as the technical bridge between security and engineering, translating complex requirements into scalable implementations

Advanced Security Engineering:

Apply hybrid analysis techniques, combining:
Static and dynamic analysis (SAST/DAST/IAST)
Symbolic execution and formal methods

Formal based reasoning:

Build and maintain automated security validation frameworks
Integrate security into CI/CD, infrastructure-as-code, and deployment pipelines

AI & LLM Security

Design and secure AI-native applications, addressing:
Prompt injection and jailbreak attacks
Data leakage and model misuse
Model and supply chain integrity
Develop guardrails, sandboxing, and policy enforcement for LLM-integrated systems
Establish best practices for secure integration of AI into enterprise systems

Security Champion & Engineering Leadership

Serve as a senior technical leader within the Security Champion community
Mentor engineers and guide teams on secure development practices
Drive adoption of secure-by-design principles across the organization
Lead discussions and evolution of application security standards and engineering practices

Standards, Automation & Continuous Improvement

Establish and enforce secure coding standards through automation and tooling
Lead vulnerability triage, remediation strategy, and incident response validation
Ensure alignment with OWASP Top 10, SANS Top 25, CWE, and enterprise policies
Continuously improve security posture through automation, data, and engineering innovation

What you need to have:

Bachelor's degree in Computer Science, Engineering, or equivalent technical experience
7+ years of software development experience with strong engineering fundamentals
Expert-level proficiency in multiple programming languages (JavaScript/TypeScript, Python, Java, C#, etc.)
Deep understanding of modern application architectures, microservices, and cloud platforms (Azure, AWS)
Extensive experience with CI/CD pipelines, DevOps practices, and infrastructure as code
Advanced knowledge of secure coding practices, common vulnerabilities, and security testing methodologies
Security Specialization
Advanced expertise in application security principles, practices, and industry standards
Experience with security testing tools (SAST, DAST, IAST, dependency scanning)
Deep understanding of authentication, authorization, cryptography, and secure communication protocols
Knowledge of threat modeling methodologies and security architecture patterns
Experience with security frameworks and compliance requirements (SOC 2, ISO 27001, NYDFS, etc.)
Leadership & Communication
Proven track record of leading technical initiatives and mentoring development teams
Excellent communication skills with ability to influence and educate technical and non-technical audiences
Experience working in distributed, cross-functional teams across multiple time zones
Strong problem-solving skills with ability to balance security requirements with business needs.

What makes you stand out

Technical Excellence:

Experience building platform-level systems used by multiple teams
Ability to design and implement scalable, developer-centric solutions
Deep curiosity and ability to quickly adapt to new technologies and paradigms

Innovation & Builder Mindset:

Passion for building AI-powered developer tools and infrastructure
Experience with automation-first or self-healing systems
Contributions to open source, research, or technical communities

Why join our team:

We help you be your best through professional development opportunities, interesting work and supportive leaders.
We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues, clients and communities.
Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being.

Marsh (NYSE: MRSH) is a global leader in risk, reinsurance and capital, people and investments, and management consulting, advising clients in 130 countries. With annual revenue of over $24 billion and more than 90,000 colleagues, Marsh helps build the confidence to thrive through the power of perspective. For more information, visit corporate.marsh.com, or follow us on LinkedIn and X.

Marsh is committed to embracing a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, caste, disability, ethnic origin, family duties, gender orientation or expression, gender reassignment, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.

Marsh is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one anchor day per week on which their full team will be together in person.