Staff Security Engineer

2 days ago

India Ethos Full time

About the Role:

We're looking for a Staff Security Engineer with deep technical expertise in application security, penetration testing, and offensive security practices. You will lead efforts to proactively identify and exploit vulnerabilities across our products and infrastructure, working alongside engineering and security teams to design robust defences and build security into everything we deploy.

This is a hands-on technical role with significant influence over the security posture of the company, from code to cloud.

Duties and Responsibilities:

Application Security

  • Perform code reviews, threat modelling, and architecture assessments across internal and customer-facing applications.
  • Guide engineering teams on secure design patterns, libraries, and development practices.
  • Integrate and maintain security tooling (SAST, DAST, SCA) into CI/CD pipelines.
  • Collaborate with product and engineering teams to remediate identified vulnerabilities and design secure solutions.

Penetration Testing

  • Conduct manual and automated penetration tests against Ethos Web Application, APIs, infrastructure, and cloud environments.
  • Simulate attacker behaviors to assess technical weaknesses and business risks.
  • Create detailed, developer-friendly reports with risk ratings and actionable remediation guidance.
  • Re-test findings and validate security fixes in collaboration with product owners.

Offensive Security

  • Plan and execute red team operations, simulating advanced persistent threat (APT) scenarios.
  • Develop custom tools, scripts, and exploits to test detection and response capabilities.
  • Collaborate to improve detection, logging, and incident response based on attack insights.
  • Contribute to the development of offensive security playbooks and adversary emulation plans.

Other Responsibilities

  • Mentor junior team members and evangelize security best practices across the company.
  • Participate in investigations, threat hunting, and incident response activities; build playbooks for specific incident response scenarios
  • Communicate risks to engineering staff through training and technical demonstration of vulnerabilities and secure design patterns
  • Support security audits, compliance efforts, and executive briefings with technical depth.

Qualifications and Skills:

Required:

  • 8+ years of experience in security engineering, penetration testing, or offensive security.
  • Strong understanding of secure coding principles, web security vulnerabilities (e.g., OWASP Top 10), and remediation techniques.
  • Proficiency in threat modeling, design reviews and security testing of various types of applications, technologies and platforms
  • Proficient in scripting and development (e.g., Python, Bash, Go, JavaScript).
  • Skilled in using tools such as Burp Suite, Metasploit, Nmap, Cobalt Strike, or custom tooling.
  • Experience with AWS cloud platform and containerized environments (Docker, Kubernetes).
  • Strong written and verbal communication skills for technical and non-technical audiences.

Preferred:

  • Certifications like OSCP, OSWE, OSEP, GXPN, or equivalent.
  • Experience with threat modeling methodologies (e.g., STRIDE, PASTA).
  • Familiarity with MITRE ATT&CK, adversary emulation, and purple teaming.
  • Contributions to security research, open-source tools, or bug bounty platforms.

  • Backend Engineer

    4 weeks ago

    India Grow Your Staff Full time

    Grow Your Staff is looking for a Backend Engineer for a Computer Software firm in Germany. The position is a full-time remote opportunity.The role will have excellent growth opportunities. You will work directly with the team based in Germany.Experience required: 5 years+ CTC: 15-20 LPALocation: RemoteResponsibilities:Develop and maintain backend services...

  • Security Engineer

    4 weeks ago

    India TPI Global Solutions Full time

    JOB TITILE: Security Engineer Level 3 – GRC Tech SolutionsLOCATION: 100 % RemoteJOB TYPE: ContractCONTRACT LENGTH: 6 monthsTIME: 8:30 PM to 5:30 AM ISTResponsibilities:We're looking for a "Security Engineer" with a tech-first mindset that can help grow and enhance Cybersecurity and Privacy Organization. We work to make technology the easiest part of our...

  • Security Engineer

    4 weeks ago

    India TPI Global Solutions Full time

    JOB TITILE: Security Engineer Level 2 – GRC Tech Solutions LOCATION: 100 % Remote JOB TYPE: Contract CONTRACT LENGTH: 6 months TIME: 8:30 PM to 5:30 AM ISTResponsibilities: We're looking for a "Security Engineer" with a tech-first mindset that can help grow and enhance client's Cybersecurity and Privacy Organization.As an Engineer supporting the...

  • Cyber Security Engineer

    2 days ago

    India CUS Solution Full time

    Job Summary: We are looking for a highly skilled and proactive Cybersecurity Engineer to safeguard our systems, networks, and data against internal and external threats. The successful candidate will be responsible for designing and implementing security solutions, monitoring for vulnerabilities, and responding to incidents to ensure the highest levels...

  • Security Engineer

    4 weeks ago

    India TPI Global Solutions Full time

    JOB TITILE: Security Engineer Level 3 – GRC Tech SolutionsLOCATION: 100 % RemoteJOB TYPE: ContractCONTRACT LENGTH: 6 monthsTIME: 8:30 PM to 5:30 AM ISTResponsibilities:We're looking for a "Security Engineer" with a tech-first mindset that can help grow and enhance Cybersecurity and Privacy Organization. We work to make technology the easiest part of our...

  • Security Engineer

    2 days ago

    India R Systems Full time

    Job Title: Security Engineer – Email Security Specialist Location: Remote Experience Required: 5 to 10 years Job Summary: We are seeking a highly skilled and experienced Security Engineer with deep expertise in email security , specifically with Mimecast and Cofense Triage & Vision . The ideal candidate will play a critical role in protecting our...

  • Cyber Security Engineer Urgent

    1 day ago

    India CUS Solution Full time

    Job Summary:We are looking for a highly skilled and proactive Cybersecurity Engineer to safeguard our systems, networks, and data against internal and external threats. The successful candidate will be responsible for designing and implementing security solutions, monitoring for vulnerabilities, and responding to incidents to ensure the highest levels of...

  • Security Engineer

    1 day ago

    India beBeeDatabase Full time ₹ 29,95,000 - ₹ 34,99,000

    Job OpportunityWe are seeking a mid-level database security engineer to support our initiatives. This role requires hands-on experience with Imperva Database Security, flexibility to work overnight shifts, and the ability to collaborate with customers and internal teams.Key ResponsibilitiesConfigure and implement Imperva Database Security solutions across...

  • Security Trust Engineer

    4 weeks ago

    India RingCentral Full time

    Say hello to possibilities.It's not every day that you consider starting a new career challenge.RingCentral, Inc. (NYSE: RNG) is a global leader in cloud-based communications and collaboration software. We are fundamentally changing the nature of human interaction—giving people the freedom to connect powerfully and personally from anywhere, at any time, on...

  • Full-Stack Web Engineer

    2 days ago

    India Security Impossible Full time

    We're building a cloud-based web application designed to manage and orchestrate virtual environments through an intuitive admin interface. This is not just another admin dashboard — it's a mission-critical orchestration tool , built with a focus on scalability , security , and workflow automation . The platform must support high-volume...