Staff Security Engineer

3 weeks ago

India Ethos Full time

About the Role:

We're looking for a Staff Security Engineer with deep technical expertise in application security, penetration testing, and offensive security practices. You will lead efforts to proactively identify and exploit vulnerabilities across our products and infrastructure, working alongside engineering and security teams to design robust defences and build security into everything we deploy.

This is a hands-on technical role with significant influence over the security posture of the company, from code to cloud.

Duties and Responsibilities:

Application Security

  • Perform code reviews, threat modelling, and architecture assessments across internal and customer-facing applications.
  • Guide engineering teams on secure design patterns, libraries, and development practices.
  • Integrate and maintain security tooling (SAST, DAST, SCA) into CI/CD pipelines.
  • Collaborate with product and engineering teams to remediate identified vulnerabilities and design secure solutions.

Penetration Testing

  • Conduct manual and automated penetration tests against Ethos Web Application, APIs, infrastructure, and cloud environments.
  • Simulate attacker behaviors to assess technical weaknesses and business risks.
  • Create detailed, developer-friendly reports with risk ratings and actionable remediation guidance.
  • Re-test findings and validate security fixes in collaboration with product owners.

Offensive Security

  • Plan and execute red team operations, simulating advanced persistent threat (APT) scenarios.
  • Develop custom tools, scripts, and exploits to test detection and response capabilities.
  • Collaborate to improve detection, logging, and incident response based on attack insights.
  • Contribute to the development of offensive security playbooks and adversary emulation plans.

Other Responsibilities

  • Mentor junior team members and evangelize security best practices across the company.
  • Participate in investigations, threat hunting, and incident response activities; build playbooks for specific incident response scenarios
  • Communicate risks to engineering staff through training and technical demonstration of vulnerabilities and secure design patterns
  • Support security audits, compliance efforts, and executive briefings with technical depth.

Qualifications and Skills:

Required:

  • 8+ years of experience in security engineering, penetration testing, or offensive security.
  • Strong understanding of secure coding principles, web security vulnerabilities (e.g., OWASP Top 10), and remediation techniques.
  • Proficiency in threat modeling, design reviews and security testing of various types of applications, technologies and platforms
  • Proficient in scripting and development (e.g., Python, Bash, Go, JavaScript).
  • Skilled in using tools such as Burp Suite, Metasploit, Nmap, Cobalt Strike, or custom tooling.
  • Experience with AWS cloud platform and containerized environments (Docker, Kubernetes).
  • Strong written and verbal communication skills for technical and non-technical audiences.

Preferred:

  • Certifications like OSCP, OSWE, OSEP, GXPN, or equivalent.
  • Experience with threat modeling methodologies (e.g., STRIDE, PASTA).
  • Familiarity with MITRE ATT&CK, adversary emulation, and purple teaming.
  • Contributions to security research, open-source tools, or bug bounty platforms.

  • Staff Security Engineer

    1 week ago

    India Ethos Full time

    About the Role: We're looking for a Staff Security Engineer with deep technical expertise in application security , penetration testing , and offensive security practices . You will lead efforts to proactively identify and exploit vulnerabilities across our products and infrastructure, working alongside engineering and security teams to...

  • Staff Security Engineer

    1 week ago

    India Ethos Full time

    About the Role: We're looking for a Staff Security Engineer with deep technical expertise in application security , penetration testing , and offensive security practices . You will lead efforts to proactively identify and exploit vulnerabilities across our products and infrastructure, working alongside engineering and security teams to...

  • Security Engineer

    1 week ago

    india Altered Security Full time

    We are looking for talentedSecurity Engineersto join our team!Altered Security is an information security startup with focus on edtech, hands-on learning and focused security assessments. It has offices in India and Singapore.We are experts in information security training, cyber ranges, online labs and security assessments. We have trained more than 40000+...

  • Security Engineer

    3 weeks ago

    India Altered Security Full time

    We are looking for talentedSecurity Engineersto join our teamAltered Security is an information security startup with focus on edtech, hands-on learning and focused security assessments. It has offices in India and Singapore.We are experts in information security training, cyber ranges, online labs and security assessments. We have trained more than 40000+...

  • Staff IT Network Security Engineer

    1 week ago

    india Palo Alto Networks Full time

    Our MissionAt Palo Alto Networks® everything starts and ends with our mission:Being the cybersecurity partner of choice, protecting our digital way of life.Our vision is a world where each day is safer and more secure than the one before. We are a company built on the foundation of challenging and disrupting the way things are done, and we’re looking for...

  • Staff IT Network Security Engineer

    3 weeks ago

    India Palo Alto Networks Full time

    Our MissionAt Palo Alto Networks everything starts and ends with our mission:Being the cybersecurity partner of choice, protecting our digital way of life.Our vision is a world where each day is safer and more secure than the one before. We are a company built on the foundation of challenging and disrupting the way things are done, and we're looking for...

  • Staff Engineer

    1 week ago

    India Juniper Square Full time ₹ 12,00,000 - ₹ 36,00,000 per year

    About Juniper Square Our mission is to unlock the full potential of private markets. Privately owned assets like commercial real estate, private equity, and venture capital make up half of our financial ecosystem yet remain inaccessible to most people. We are digitizing these markets, and as a result, bringing efficiency, transparency, and access to one of...

  • Senior Security Engineer

    3 weeks ago

    India Nextgen Healthcare Full time

    Job Description :- Develop and maintain security tooling, guidelines, and standards for the Security Engineering team.- Participate in threat intelligence and forensic analysis exercises, with guidance from more senior engineers.- Work closely with application and infrastructure teams on mitigation of vulnerabilities against all cloud hosted systems.- Create...

  • Staff Devops Engineer

    3 weeks ago

    India Circles Full time

    Job name - Staff DevOps EngineerLocation - Bangalore IndiaAbout CirclesFounded in 2014 Circles is a global technology company that s reimagining the telco industry with its SaaS platform Circles X and helping operators launch and operate successful brands Today Circles is partnering operators in 13 countries to deliver delightful digital experiences to...

  • Cyber Security Engineer

    2 weeks ago

    India CUS Solution Full time

    Job Summary: We are looking for a highly skilled and proactive Cybersecurity Engineer to safeguard our systems, networks, and data against internal and external threats. The successful candidate will be responsible for designing and implementing security solutions, monitoring for vulnerabilities, and responding to incidents to ensure the highest levels of...