KGeN - Security Engineer - Vulnerability Management

Description
What You'll Do (Key Responsibilities) :
Security Strategy & Roadmap

• Develop and execute a comprehensive security roadmap that aligns with business objectives, growth plans, and regulatory requirements.

Security Architecture & Design

• Lead the design and implementation of secure architectures for new and existing systems, applications, and infrastructure, ensuring "security by design" principles are integrated from inception.

Cloud Security Expertise

• Secure our cloud environment(s) (e.g., AWS, GCP), including IAM, network segmentation, data protection, container security (Docker, Kubernetes), and serverless security.

Application Security (AppSec)

• Establish and champion secure software development lifecycle (SSDLC) practices.
• Conduct Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
• Perform threat modeling, security code reviews, and manage security vulnerabilities within our applications and APIs.

Infrastructure & Network Security

• Implement and manage security controls for our core infrastructure and networks, including firewalls, IDS/IPS, WAFs, VPNs, endpoint detection & response (EDR), and vulnerability management.

Incident Response & Management

• Develop, test, and lead our incident response plan.
• Act as the primary lead for security incidents, from detection and analysis to containment, eradication, recovery, and post-mortem analysis.

Vulnerability Management & Penetration Testing

• Drive proactive vulnerability assessments and manage external penetration testing engagements and bug bounty programs.
• Perform internal penetration tests and red teaming exercises to identify and exploit weaknesses.
• Prioritize and track remediation efforts with engineering teams.
• Risk & Compliance : Identify, assess, and mitigate security risks. Ensure adherence to relevant industry standards and certifications (e.g., ISO 27001, SOC 2, PCI DSS) and navigate data privacy regulations.
• Automation & Tooling : Evaluate, implement, and automate security tools and processes to enhance efficiency and scalability (DevSecOps).
• Security Awareness & Culture : Foster a strong security-aware culture across all teams through training, guidelines, and continuous communication.
• Vendor Security Assessment : Conduct security assessments of third-party vendors and ensure their adherence to our security standards.

What We're Looking For (Required Skills & Experience)

• 3+ years of dedicated experience in a security engineering role, with at least 2 years in a lead or senior capacity, preferably in a fast-paced startup or high-growth environment.
• Deep hands-on expertise across core security domains : Cloud Security, Application Security (AppSec), Infrastructure Security, and Network Security.
• Proven experience with at least one major cloud platform (AWS or GCP) and its native security services.
• Strong understanding of secure coding principles and extensive experience with security vulnerabilities (OWASP Top 10, CWE).
• Proficiency with common penetration testing tools and frameworks such as:
• Web Application Tools : Burp Suite, OWASP ZAP, Nikto.
• Network Scanners : Nmap, Nessus, OpenVAS.
• Exploitation Frameworks : Metasploit.
• Forensics/Packet Analysis : Wireshark.
• Password Crackers : John the Ripper, Hashcat.
• Operating Systems/Distributions : Kali Linux.
• Demonstrated experience with Incident Response procedures and leading security investigations.
• Proficiency in at least one scripting language (e.g., Python, Go, Bash) for security automation and tooling.
• Excellent problem-solving skills and the ability to analyze complex technical and security challenges quickly.
• Proactive and autonomous mindset : Ability to identify security gaps, have a hacker mindset, propose solutions, and drive initiatives with minimal supervision.
• Strong communication skills : Ability to clearly articulate technical security concepts, risks, and recommendations to both technical and non-technical stakeholders.
• Passion for continuous learning and staying abreast of the latest cybersecurity trends, threats, and technologies.

Bonus Points (Nice-to-Have Skills & Experience)

• Experience in a highly regulated industry (e.g., FinTech, Healthcare, E-commerce with high transaction volumes) preferably from background in product companies.
• Experience with Web3/Blockchain security concepts, smart contract auditing, or decentralized systems.
• Relevant Security Certifications (e.g., CISSP, CISM, OSCP, CEH, CCSK, GSEC, etc.).
• Familiarity with compliance frameworks relevant to India, such as IT Act, data localization guidelines, or specific industry body regulations.
• Prior experience building, mentoring, or leading a small security team.

)