Senior Security Engineer

Company Description

VeriFi. That's what KGeN is building.

The world's largest Verified Distribution Protocol—built on real users, built to accelerate your business's growth.

Since its founding by global leaders in the consumer and gaming industries, KGeN has grown to become the dominant leader in the Global South. Today, we serve 38.9M+ consumers and boast 6.6M+ monthly active users, supported by 200+ revenue partnerships across AI, DeFi and Gaming projects.

As of August 2025, our annualized revenue has surpassed $48.3M, reflecting the strength and scalability of our protocol.

KGeN's proprietary identity and reputation framework, POGE, is fed with 876M+ attributes, garnering unparalleled insights into our user base.

Role Description

This is a full-time, on-site role for a Senior Security Engineer located in the Greater Bengaluru Area. The Lead Security Engineer will be responsible for safeguarding KGeN's information systems by identifying and mitigating security threats. Daily tasks will include conducting vulnerability assessments, implementing security measures, overseeing network and application security protocols, and developing strategies to combat cyber threats. The role also involves collaborating with cross-functional teams to integrate security practices into all stages of product development.

What You'll Do (Key Responsibilities):

• Security Strategy & Roadmap:

Develop and execute a comprehensive security roadmap that aligns with business objectives, growth plans, and regulatory requirements.
- Security Architecture & Design:

Lead the design and implementation of secure architectures for new and existing systems, applications, and infrastructure, ensuring "security by design" principles are integrated from inception.
- Cloud Security Expertise:

Secure our cloud environment(s) (e.g., AWS, GCP), including IAM, network segmentation, data protection, container security (Docker, Kubernetes), and serverless security.
- Application Security (AppSec):
- Establish and champion secure software development lifecycle (SSDLC) practices.
- Conduct
Static Application Security Testing (SAST)

and
Dynamic Application Security Testing (DAST)

.
- Perform threat modeling, security code reviews, and manage security vulnerabilities within our applications and APIs.
- Infrastructure & Network Security:

Implement and manage security controls for our core infrastructure and networks, including firewalls, IDS/IPS, WAFs, VPNs, endpoint detection & response (EDR), and vulnerability management.
- Incident Response & Management:

Develop, test, and lead our incident response plan. Act as the primary lead for security incidents, from detection and analysis to containment, eradication, recovery, and post-mortem analysis.
- Vulnerability Management & Penetration Testing:
- Drive proactive vulnerability assessments and manage external penetration testing engagements and bug bounty programs.
- Perform internal penetration tests

and red teaming exercises to identify and exploit weaknesses.
- Prioritize and track remediation efforts with engineering teams.
- Risk & Compliance:

Identify, assess, and mitigate security risks. Ensure adherence to relevant industry standards and certifications (e.g., ISO 27001, SOC 2, PCI DSS) and navigate data privacy regulations.
- Automation & Tooling:

Evaluate, implement, and automate security tools and processes to enhance efficiency and scalability (DevSecOps).
- Security Awareness & Culture:

Foster a strong security-aware culture across all teams through training, guidelines, and continuous communication.
- Vendor Security Assessment:

Conduct security assessments of third-party vendors and ensure their adherence to our security standards.

What We're Looking For (Required Skills & Experience):

• 3-6 years of dedicated experience in a security engineering role,

with at least 1 year in a lead or senior capacity, preferably in a fast-paced startup or high-growth environment.
- Deep hands-on expertise

across core security domains: Cloud Security, Application Security (AppSec), Infrastructure Security, and Network Security.
- Proven experience with at least one major cloud platform

(AWS or GCP) and its native security services.
- Strong understanding of secure coding principles

and extensive experience with security vulnerabilities (OWASP Top 10, CWE).
- Proficiency with common penetration testing tools and frameworks

such as:
- Web Application Tools:

Burp Suite, OWASP ZAP, Nikto.
- Network Scanners:

Nmap, Nessus, OpenVAS.
- Exploitation Frameworks:

Metasploit.
- Forensics/Packet Analysis:

Wireshark.
- Password Crackers:

John the Ripper, Hashcat.
- Operating Systems/Distributions:

Kali Linux.
- Demonstrated experience with Incident Response

procedures and leading security investigations.
- Proficiency in at least one scripting language

(e.g., Python, Go, Bash) for security automation and tooling.
- Excellent problem-solving skills

and the ability to analyze complex technical and security challenges quickly.
- Proactive and autonomous mindset:

Ability to identify security gaps, have a hacker mindset, propose solutions, and drive initiatives with minimal supervision.
- Strong communication skills:

Ability to clearly articulate technical security concepts, risks, and recommendations to both technical and non-technical stakeholders.

Passion for continuous learning

and staying abreast of the latest cybersecurity trends, threats, and technologies.

What We Offer

• Opportunity to build and scale real products in the AI & Web3 space.
• Ownership-driven environment with room for growth and innovation.
• Competitive compensation and token-based incentives.
• Collaborative, tech-first culture with cross-domain learning opportunities.

To Apply:

Send your resume to

with the subject line: "Application – Security Engineer".