Security Engineer

Signzy is a digital trust system. We provide identification, background checks, forgery detection

and contract management systems which enable contracting in a trustable, safe, legal, and

convenient manner. Our biometric user authentication system and blockchain-based digital trail

ensure non-repudiation. This increases compliance and enforceability in the court of law. We

consist of a tech-savvy team and are backed by investors who are enthusiastic about creating

solutions with technology.

Working at Signzy

● At Signzy we breathe software and exploit the latest technologies to create the most

amazing products. We comprise a tech-savvy team and are backed by investors who are

enthusiastic about creating solutions using technology.

● Signzy is looking for an Security Engineer . If you think you have what it

takes to get the job done, this is an invitation to be a part of the future

JD for Security Engineer-1 Role

Responsibilities:

Application Security

• Perform
  secure code reviews
  , threat modeling, and static/dynamic application security testing (SAST/DAST).
• Integrate and maintain automated scanning tools (e.g., Semgrep, Snyk, Trivy, Gitleaks) in CI/CD pipelines.
• Collaborate with developers to remediate vulnerabilities and embed security in SDLC.
• Guide on secure architecture patterns (authentication, authorization, data encryption, API security, mobile app protections like SSL pinning and mTLS).

Infrastructure & Cloud Security

• Harden cloud infrastructure (AWS/GCP/Azure), including IAM, VPC design, encryption, and network segmentation.
• Implement infrastructure-as-code security checks for Terraform, Helm, and Kubernetes deployments.
• Conduct
  internal and external penetration tests
  , configuration reviews, and vulnerability management for servers, containers, and endpoints.
• Support continuous monitoring (WAF, SIEM, EDR/MDM) and incident response

Security Assessments & Compliance

• Lead
  periodic security assessments
  : vulnerability assessments, penetration testing, firewall rule reviews, user-access audits, and network segmentation reviews.
• Document findings, track remediation, and provide risk-based recommendations.
• Assist with evidence gathering for ISO 27001, SOC 2, PCI-DSS, GDPR, and internal security audits.

Continuous Improvement

• Research emerging threats (e.g., supply-chain attacks, npm/package ecosystem risks) and recommend mitigations.
• Contribute to security runbooks, policies, and developer awareness sessions.

Qualification

Must Have

• 2–4 years
  of experience in application or infrastructure security engineering.
• Strong understanding of web/mobile security, OWASP Top 10, cloud security fundamentals, and Linux/Unix systems.
• Hands-on experience with CI/CD pipelines and common security tools (SAST, DAST, container scanners, SIEM/EDR).
• Hands-on with
  SAST/DAST tools
  (e.g., Burp Suite, OWASP ZAP, Semgrep, Fortify)
• Knowledge of
  network & OS hardening
  (Linux, cloud workloads).
• Experience with
  internal and external penetration testing
  methodologies.
• Familiarity with common tools: Nmap, Metasploit etc.,
• Hands on experience with Mobile application security testing [Android and iOS]
• Familiarity with threat modeling frameworks (STRIDE, MITRE ATT&CK) and SBOM management.
• Scripting or programming skills (Python, Go, Bash) for automation and custom tooling.
• Should have fundamental knowledge of cloud environments
• Security-first mindset with curiosity and analytical thinking.
• Ability to review
  firewall rules, ACLs, and security groups
  for least-privilege.
• Understanding of
  network segmentation
  and zero-trust principles.
• Ability to translate complex vulnerabilities into actionable, developer-friendly guidance.
• Collaborative approach to working with engineering, DevOps, and compliance teams.
• Strong reporting & documentation skills (writing assessment reports).
• Knowledge of security standards (ISO 27001, NIST 800-53, CIS Benchmarks).

Good to Have

• Container & K8s Security
  : Familiarity with Trivy, Falco, Kubescape, Kyverno.
• IaC Security
  : Experience with Terraform/CloudFormation scanning (Checkov, Tfsec).
• DevSecOps Integration:
  Embedding security tests into CI/CD (GitLab, GitHub Actions, Jenkins).
• Advanced API Security
  : Hands-on with API gateways (Kong, Apigee, AWS API Gateway) and WAF tuning.
• Cloud-Native Security
  : Experience with GuardDuty, Security Hub, AWS Config, GCP SCC.
• Emerging Areas
  : AI/ML model security.
• Certifications
  (good-to-have, not must)
  : OSCP or Cloud Security certs (AWS Security Specialty).