Senior Security Engineer

Job Title: Senior Security Engineer (Sr.SE ) Location: Bengaluru Employment Type: Full-time Team: Security Engineering Role Overview As a Senior Security Engineer, you will play a key role in strengthening the company’s overall security posture across our AI platforms, microservices, data pipelines and mobile/web products. You will design, build and automate scalable security controls that integrate seamlessly into our CI/CD pipelines and cloud infrastructure. This role demands a hands-on breaker-builder who can balance deep technical expertise with practical risk management, while collaborating with AI, product, and DevOps teams. Key Responsibilities Security Engineering & Automation - Design and implement security automation frameworks for threat detection, remediation and compliance validation across cloud and application layers. - Develop tools and scripts to enhance security visibility in AI model pipelines, APIs and data integrations. - Integrate security controls into CI/CD workflows (SAST, DAST, SCA, IaC scanning). - Worked on XDR/SIEM for automated detection and response. Application & API Security - Perform secure code reviews and threat modeling for AI microservices, REST APIs and agent frameworks. - Collaborate with developers to remediate vulnerabilities and enforce secure SDLC practices. - Lead periodic VAPT (Vulnerability Assessment & Penetration Testing) for web, mobile apps, Agentic AI platform and connected services. - Identified and mitigated vulnerabilities such as OTP bypass, data leaks in public GCS buckets and source code exposure. 1. Cloud & Infrastructure Security - Secure multi-cloud (GCP/AWS) environments using native and third-party tools. - Build and maintain IaC security baselines and automated configuration drift detection. - Configure and manage WAF for custom DDoS and bot protection. - Manage secrets, IAM and container security best practices across production workloads. - Fix misconfigurations, default credentials, and public exposures across systems like Grafana, Zookeeper, and Prometheus. AI & Data Security - Continuously monitor for compromised datasets, credentials, and model theft attempts in deep/dark web spaces. - Implement data protection mechanisms for AI training pipelines, model storage and inference endpoints. - Evaluate and mitigate prompt injection, model leakage and data exfiltration risks in AI agents. Monitoring & Incident Response - Collaborate with internal teams to improve threat detection, alert triage and response automation. - Monitor dark web and forums like Telegram/Russian marketplaces for leaked data, compromised credentials, and fake breach claims. - Build dashboards and reports for proactive risk visibility. Security Awareness & Leadership - Conduct internal security training and phishing simulations. - Mentor interns and engineers on VAPT, incident response, and secure coding. - Advocate for organization-wide adoption of DMARC, SPF, and DKIM for email protection. Compliance & Governance - Contribute to ISO 27001, SOC 2, GDPR and HIPAA security controls implementation. - Document policies, run internal audits and support external assessments. - Manage security communications with third-party vendors (Google Security, VisitHealth, PingSafe, etc.) and ethical disclosures. Key Requirements - Experience: 5-6 years in application, cloud or product security engineering. - Strong programming/scripting in Python, Go or Node.js (for automation). - Deep understanding of web and mobile security, OWASP Top 10, and secure SDLC practices. - Hands-on experience with: - Cloud security (IAM, key management, configuration monitoring, threat detection and security monitoring using tools like CSPM, CASB, SIEM, etc.) - IaC tools (Terraform, CloudFormation) - CI/CD tools (GitHub Actions, Jenkins, GitLab CI) - Strong understanding of containers (Docker, Kubernetes, EKS/GKE) - Familiar with AI model security and data privacy principles (preferred). - Knowledge of compliance frameworks like ISO 27001, SOC2, NIST or GDPR. - Certifications (Good to have): OSCP, GCP/AWS Security Specialty, CEH, CISSP or CKS. Soft Skills - Strong analytical and problem-solving mindset. - Excellent cross-functional collaboration. - Passion for innovation, automation and continuous learning.