hirist

Job Description

Description :

Role Overview :

We are looking for a skilled and driven Senior Security Engineer to join our growing security team.

This role requires a hands-on professional who can evaluate and strengthen the security posture of our applications and infrastructure across Web, Android, iOS, APIs, and cloud-native environments.

The ideal candidate will also lead technical triage from our bug bounty program, integrate security into the DevOps lifecycle, and contribute to building a security-first engineering culture.

Key Responsibilities :

- Perform Security reviews, Vulnerability Assessments & Penetration Testing for Web, Android, iOS, and API endpoints.

- Perform threat modelling, anticipate potential attack vectors, and improve security architecture on complex or cross-functional components.

- Identify and remediate OWASP Top 10 and mobile-specific vulnerabilities.

- Conduct secure code reviews and red team assessments.

- Integrate SAST, DAST, SCA, and secret scanning tools into CI/CD pipelines.

- Automate security checks using tools like SonarQube, Snyk, Trivy, etc.

- Maintain and manage vulnerability scanning infrastructure.

- Perform security assessments of AWS, Azure, and GCP environments, with an emphasis on container security, particularly for Docker and Kubernetes.

- Implement guardrails for IAM, network segmentation, encryption, and cloud monitoring.

- Contribute to infrastructure hardening for containers, Kubernetes, and virtual machines.

- Triage bug bounty reports and coordinate remediation with engineering teams.

- Act as the primary responder for external security disclosures.

- Maintain documentation and metrics related to bug bounty and penetration testing activities.

- Collaborate with developers and architects to ensure secure design decisions.

- Lead security design reviews for new features and products.

- Provide actionable risk assessments and mitigation plans to stakeholders.

Required Skills & Experience :

- 5 to 8 years of solid hands-on experience in the VAPT domain.

- Solid understanding of Web, Android, and iOS application security.

- Experience with DevSecOps tools and integrating security into CI/CD.

- Strong knowledge of cloud platforms (AWS/GCP/Azure) and their security models.

- Familiarity with bug bounty programs and responsible disclosure practices.

- Familiarity with tools like Burp Suite, MobSF, OWASP ZAP, Terraform, Checkov, etc.

- Good knowledge of API security.

- Scripting experience (Python, Bash, or similar) for automation tasks.

Preferred Qualifications :

- OSCP, CEH, AWS Security Specialty, or similar certifications.

- Experience working in a regulated environment (e.g., FinTech, InsurTech).

