Senior Security Engineer
2 weeks ago
What's exciting waiting for you?
- This is an amazing opportunity for you to join a fantastic crew before the rocket ship launch.
- It will be a story you will carry with you through your life and have the unique experience of building something ground up and have the satisfaction of seeing your product being used and paid for by thousands of customers.
- You will be a part of a growth story in securing critical payment infrastructure that spans both application security and cloud security across 70+ markets.
About the Senior Security Engineer Role
- As a Senior Security Engineer, you will play a pivotal role in securing our entire technology stack - from application-level security to cloud infrastructure protection.
- You will lead comprehensive security initiatives across our AWS cloud environments and payment applications built with and GoLang microservices, while leveraging AWS security services and modern security tools to protect against evolving threats. This role combines deep technical expertise in both application security and cloud security with leadership responsibilities.
Key Responsibilities
Application Security Leadership
- Lead comprehensive security assessments of microservices-based applications built with GoLang, Java, or Scala
- Conduct advanced security reviews of and ReactJS frontend applications and their integration with backend services
- Execute expert-level manual and automated web application penetration testing using industry-standard methodologies (OWASP Testing Guide, PTES)
- Design and implement vulnerability scoring and risk assessment frameworks using CVSS, OWASP Risk Rating, and custom business impact metrics
- Utilize govulncheck for Go-specific vulnerability detection and dependency analysis across microservices
- Deploy Semgrep/OpenGrep for advanced static code analysis and custom security policy enforcement
Integrate Gitleaks for comprehensive secret detection across development workflows
Lead secure development lifecycle (SDLC) integration and establish security standards for development teams
- Perform complex web application penetration testing including authentication bypass, authorization flaws, injection attacks, and business logic vulnerabilities
AWS Cloud Security Architecture
- Design and implement enterprise-level security architecture for AWS cloud environments
- Configure and optimize AWS Shield (Standard and Advanced) for comprehensive DDoS protection
- Implement and manage AWS CloudFront security configurations including advanced WAF rules, SSL/TLS, and origin protection
- Secure complex AWS services including EC2, ECS, EKS, Lambda, RDS, S3, API Gateway, and multi-region deployments
- Design network security controls using VPC, Security Groups, NACLs, AWS Transit Gateway, and PrivateLink
- Establish and lead secure CI/CD pipeline implementations for applications and GoLang microservices
- Architect container security solutions for Docker and Kubernetes (EKS) environments
Security Automation & Monitoring
- Implement comprehensive security monitoring using AWS CloudTrail, GuardDuty, and Security Hub
- Deploy and manage Prowler for continuous AWS security assessments and compliance validation
- Utilize ScoutSuite for multi-cloud security posture management and configuration auditing
- Configure Gitleaks for continuous secret monitoring across enterprise development workflows
- Implement Semgrep/OpenGrep rules for real-time security vulnerability detection and policy enforcement
- Lead automation initiatives using Infrastructure as Code (Terraform, CloudFormation, AWS CDK)
- Develop advanced security automation scripts and frameworks using Python, Bash, and AWS SDKs
- Create comprehensive security dashboards and executive reporting mechanisms
Vulnerability Management & Risk Assessment
- Lead enterprise vulnerability management programs with comprehensive scoring using CVSS v3.1, OWASP Risk Rating, and custom business impact assessments
- Develop sophisticated risk scoring matrices incorporating technical severity, business impact, exploitability, and regulatory requirements
- Create detailed penetration testing reports with executive summaries, technical findings, and strategic remediation roadmaps
- Establish vulnerability SLA metrics and track remediation timelines based on risk scores and business priorities
Conduct root cause analysis (RCA) on complex security incidents and implement preventive measures
Lead threat modeling sessions and strategic risk assessments for new features and infrastructure changes
- Mentor junior security engineers and provide technical guidance on vulnerability remediation
Compliance & Regulatory Security
- Ensure comprehensive compliance with financial industry regulations (PCI DSS, SOX, GDPR, PSD2)
- Lead compliance audits and regulatory assessments using Prowler for AWS compliance validation
- Implement ScoutSuite for comprehensive multi-cloud security auditing
- Design and maintain data protection controls for sensitive payment processing workloads
- Develop and maintain disaster recovery and business continuity security plans
- Lead security aspects of vendor risk assessments and third-party integrations
- Represent security requirements to business leadership and regulatory bodies
Technical Leadership & Strategy
- Serve as technical security leader for complex cross-functional projects
- Influence security strategies, standards, and architectural decisions across the organization
- Lead security initiatives and mentor junior engineers on advanced security practices
- Participate in strategic security planning and technology evaluation
- Drive security culture transformation and champion security best practices
- Represent security needs to executive leadership and board-level communications
Required Qualifications
Experience
- 8+ years of experience in information security with demonstrated expertise in both application security and cloud security
- Extensive experience securing microservices architectures, particularly those built with GoLang, Java, or Scala
- Advanced experience with AWS cloud security including Shield, CloudFront, and comprehensive security service management
- Expert-level web application penetration testing experience including complex business logic vulnerabilities and multi-tier architectures
- Proven leadership in vulnerability scoring and risk assessment using industry-standard frameworks
- Hands-on expertise with security automation tools: govulncheck, Gitleaks, Semgrep/OpenGrep, Prowler, ScoutSuite
- Strong experience securing applications and modern JavaScript frameworks , ReactJS)
- Experience leading security teams and influencing organizational security strategy
Technical Skills
- Expert-level proficiency in AWS security services including Shield, CloudFront, GuardDuty, Security Hub, WAF, and comprehensive service portfolio
- Advanced application security expertise across GoLang, Java, Scala, , , and ReactJS technologies
- Mastery of security automation tools: govulncheck (Go vulnerability scanning), Gitleaks (secret detection), Semgrep/OpenGrep (static analysis), Prowler (AWS security assessment), ScoutSuite (multi-cloud auditing)
- Expert-level web application penetration testing skills using advanced tools and custom exploitation frameworks
- Comprehensive knowledge of vulnerability scoring frameworks including CVSS v3.1, OWASP Risk Rating, and FAIR methodology
- Advanced Infrastructure as Code proficiency (Terraform, CloudFormation, AWS CDK)
- Expert container and orchestration security (Docker, Kubernetes/EKS, service mesh security)
- Advanced scripting and automation capabilities (Python, Bash, PowerShell, Go)
- Enterprise network security and cloud networking expertise
Security Expertise
- Deep understanding of application security principles and advanced penetration testing methodologies
- Expert knowledge of cloud security frameworks (NIST, CSA, AWS Well-Architected Security Pillar)
- Advanced understanding of financial services security and payment processing compliance requirements
- Expertise in security architecture design for complex distributed systems
- Advanced threat modeling and risk assessment capabilities
- Comprehensive knowledge of cryptography, PKI, and secure communication protocols
- Expert-level incident response and forensic analysis skills
- Advanced understanding of regulatory compliance frameworks and audit requirements
Nice to Have
Certifications
- AWS Security Specialty certification (required)
- Advanced penetration testing certifications (OSCP, GWEB, eWPT, eWPTX)
- Security leadership certifications (CISSP, CISM, CISSP)
- Cloud architecture certifications (AWS Solutions Architect Professional, DevOps Engineer Professional)
- Additional cloud security certifications (Azure Security, GCP Security)
Additional Skills
- Experience with multi-cloud security architectures and hybrid environments
- Advanced knowledge of serverless security (AWS Lambda, API Gateway, serverless frameworks)
- Expertise in security orchestration and automated response (SOAR) platforms
- Experience with machine learning/AI security applications and threat detection
- Advanced understanding of payment processing security and financial services infrastructure
- Experience with regulatory examination processes and security audit leadership
- Knowledge of emerging security technologies and threat landscape evolution
Experience with security product evaluation and vendor management
Advanced presentation and executive communication skills
Key Abilities and Traits
Technical Excellence: Demonstrated ability to architect and implement comprehensive security solutions across complex application and cloud environments processing sensitive financial data.
Leadership: Proven capability to lead security initiatives across multiple teams, influence strategic decisions, and mentor engineering talent while representing security needs to executive leadership.
Strategic Thinking: Ability to balance immediate security needs with long-term strategic objectives, translating business requirements into technical security solutions.
Problem-Solving: Expert-level analytical and problem-solving skills with the ability to address complex security challenges spanning application code to cloud infrastructure.
Communication: Exceptional verbal and written communication skills, capable of explaining complex security concepts to technical teams, business stakeholders, and executive leadership.
Continuous Innovation: Commitment to staying current with emerging security threats, technologies, and industry best practices while driving security innovation within the organization.
Project Management: Advanced ability to manage multiple complex security initiatives simultaneously while ensuring compliance with regulatory requirements and business objectives.
Mentorship: Strong commitment to developing junior security talent and fostering a security-conscious culture across engineering teams.
-
Security Engineer II
3 days ago
Bengaluru, Karnataka, India Safe Security Full time ₹ 12,00,000 - ₹ 36,00,000 per yearAt SAFE Security, our mission is bold and ambitious: We Will Build CyberAGI — a super-specialized system of intelligence that autonomously predicts, detects, and remediates threats. This isn't just a vision—it's the future we're building every day, with the best minds in AI, cybersecurity, and risk. At SAFE, we empower individuals and teams with the...
-
Security Engineer II
5 days ago
Bengaluru, Karnataka, India Safe Security Full time ₹ 6,00,000 - ₹ 18,00,000 per yearAt SAFE Security, our mission is bold and ambitious:We Will Build CyberAGI— a super-specialized system of intelligence that autonomously predicts, detects, and remediates threats. This isn't just a vision—it's the future we're building every day, with the best minds in AI, cybersecurity, and risk. At SAFE, we empower individuals and teams with the...
-
Security Engineer II
4 days ago
Bengaluru, Karnataka, India Safe Security Full time ₹ 5,00,000 - ₹ 15,00,000 per yearAt SAFE Security, our mission is bold and ambitious: We Will Build CyberAGI — a super-specialized system of intelligence that autonomously predicts, detects, and remediates threats. This isn't just a vision—it's the future we're building every day, with the best minds in AI, cybersecurity, and risk. At SAFE, we empower individuals and teams with the...
-
Senior Network Engineer
7 days ago
Chennai, Tamil Nadu, India SQ1 Security Full time ₹ 15,00,000 - ₹ 25,00,000 per yearThe Senior Network Engineer will oversee enterprise network operations and manage infrastructure across multiple locations. The role includes strategic planning, technical leadership, and innovation in IT environments.ResponsibilitiesMentor a junior network engineers across sitesManage network infrastructure (Fortinet, D-Link, IPBX, AD, VPN, SD-WAN,...
-
Security Analytics Platform Engineer
2 weeks ago
Bengaluru, India Andromeda Security Full timeDistributed Systems Development Engineer Summary: We are a stealth startup, top-tier Silicon Valley VC-funded multinational startup building a team in Bengaluru, India. You will have the opportunity to grow with the company and help secure enterprises from cloud security breaches. Job Description: Looking for dreamers, coders, hackers who want to explore the...
-
Bengaluru, India Skyhigh Security Full timeAbout Skyhigh Security:Skyhigh Security is a dynamic, fast-paced, cloud company that is a leader in the security industry. Our mission is to protect the world’s data, and because of this, we live and breathe security. We value learning at our core, underpinned by openness and transparency. Since 2011, organizations have trusted us to provide them with a...
-
Senior Engineering Manager
2 weeks ago
Bengaluru, Karnataka, India Rubrik Security Cloud Full time ₹ 20,00,000 - ₹ 25,00,000 per yearAbout the team Product Security Team: Securing Rubrik's PlatformThe Product Security Engineering team is responsible for building innovative security-focused features and frameworks for large scale data management products. We are looking for a senior manager to lead two engineering teams (Shield - IAM and Shield - Platform) composed of talented software...
-
Senior Information Security Engineer
2 days ago
Chennai, Tamil Nadu, India Hustek Business Solutions Full time ₹ 60,00,000 - ₹ 1,20,00,000 per yearJob Title : Senior Software Engineer InfoSec (IAM)Location : ChennaiExperience : 610 years (or as required)Role Overview : We are seeking a skilled and experienced Senior Software Engineer with a strong background in Information Security and Identity & Access Management (IAM). The ideal candidate will be responsible for designing, developing, and...
-
Senior Security Operations Engineer
3 weeks ago
Chennai, India SES Latin America Full timeSenior Security Operations Engineer ROLE DESCRIPTION SUMMARY SES’s Senior Security Operations Engineer focuses on advancing SES’s Information Security threat and compliance program by security monitoring, threat & vulnerability management, and delivering professional reports including findings and recommendations. The Senior Security Operations...
-
Senior Security Operations Engineer
2 weeks ago
Chennai, India SES Full timeSenior Security Operations Engineer ROLE DESCRIPTION SUMMARY SES’s Senior Security Operations Engineer focuses on advancing SES’s Information Security threat and compliance program by security monitoring, threat & vulnerability management, and delivering professional reports including findings and recommendations. The Senior Security Operations...