Senior Security Engineer

About Chargebee:

Chargebee is a subscription billing and revenue management platform powering some of the fastest-growing brands around the world today, including Calendly, Hopin, Pret-a-Manger, Freshworks, Okta, Study.com and others. Thousands of SaaS and subscription-first businesses process over billions of dollars in revenue every year through the Chargebee platform.

Headquartered in San Francisco, USA, our 500+ team members work remotely throughout the world, including India, the Netherlands, Paris, Spain, Australia, and the USA.

Chargebee has raised over $480 million in capital and is funded by Accel, Tiger Global, Insight Partners, Steadview Capital, and Sapphire Ventures. And we're on a mission to push the boundaries of subscription revenue operations. Not just ours, but every customer and prospective business on a recurring revenue model.

Our team builds high-quality and innovative software to enable our customers to grow their revenues powered by the state-of-the-art subscription management platform.

Job Summary:

We are seeking a Senior Security Engineer – Software Security with 3–6 years hands-on experience in application security testing. The ideal candidate will play a critical role in ensuring the security of our applications and infrastructure by identifying, validating, and helping remediate vulnerabilities across our web applications, APIs, CI/CD pipelines, and emerging GenAI-based systems. This is a highly collaborative role, requiring strong technical expertise in secure code review, SAST, DAST, SCA,vulnerability management and an interest in securing the next generation of AI-powered applications.

Roles and Responsibilities:

• Perform manual and automated secure code reviews - primarily in Java – to identify and triage security vulnerabilities across a variety of codebases and frameworks.
• Conduct SAST (Static Application Security Testing) and SCA (Software Composition Analysis) scans, analyze and triage findings to support secure development.
• Collaborate with developers, understand the codebase and guide on secure coding practice
• Execute DAST (Dynamic Application Security Testing) on web applications and APIs.
• Perform manual and automated penetration tests on web applications, APIs, and AI-enabled Systems.
• Document findings with clear risk assessments and actionable remediation steps.
• Retest fixed vulnerabilities to confirm effective remediation and close the finding.
• Stay up to date with emerging threats, latest attack techniques, tooling, and best practices in both traditional and GenAI security domain.
• Collaborate with DevOps/Platform teams to integrate security tools into CI/CD pipelines for automated scanning and enforcement.
• Proficiency in Python or Go for automating security checks and developing custom security workflows.
• Participate in security incident analysis and remediation efforts, especially at the application level.

Must Have:

• 3 to 6 years of experience in application/product security with strong focus on penetration testing and code level security.
• Expertise in web application and API security testing, including tools like Burp Suite, OWASP ZAP, Postman, etc.
• Able to configure an automated scanner to perform successful scans.
• Proficient in using and interpreting results from SAST and SCA tools
• Strong understanding of common vulnerabilities and remediation strategies (OWASP Top 10-Web/API, SANS 25).
• Familiarity with CI/CD pipelines (e.g., GitHub Actions, GitLab CI, Jenkins) and integrating security scans in pipelines.
• Strong written and verbal communication skills to document findings and engage with development teams.
• Ability to journal & create high quality wiki documentation for related work.
• Excellent communication skills, both verbal and written; ability to condense complicated scenarios into simple, risk-based assessments.
• Experience in operating using Agile methodologies & use of JIRA / confluence

Nice to have:

• Familiarity with security considerations in LLM-based applications and agentic AI systems, such as prompt injection or insecure plugin use.
• Certifications such as OSCP, GPEN or similar.
• Domain experience in payments / banking / platform based products.

Benefits:

Want to know what it means to work for a company that genuinely cares about you? Check out just a few of the benefits we give our employees:

We are Globally Local

With a diverse team across four continents, and customers in over 60 countries, you get to work closely with a global perspective right from your own neighborhood.

We value Curiosity

We believe the next great idea might just be around the corner. Perhaps it's that random thought you had ten minutes ago. We believe in creating an ecosystem that fosters a desire to seek out hard questions, and then figure out answers to them.

Customer Customer Customer

Everything we do is driven towards enabling our customers' growth. This means no matter what you do, you will always be adding real value to a real business problem. It's a lot of responsibility, but also a lot of fun.

If you resonate with Chargebee, have a monstrous appetite for curiosity, and an insatiable urge to learn and build new things, we're waiting for you

We value people from all backgrounds and are dedicated to hiring and employing a diverse and inclusive workplace.

Come be a part of the Chargebee tribe