Senior Security Engineer

Title: Senior Security Engineer (Sr.SE )

Location: Bengaluru

Employment Type: Full-time

Team: Security Engineering 

Role Overview

As a Senior Security Engineer, you will play a key role in strengthening the company’s overall security posture across our AI platforms, microservices, data pipelines and mobile/web products. You will design, build and automate scalable security controls that integrate seamlessly into our CI/CD pipelines and cloud infrastructure.

This role demands a hands-on breaker-builder who can balance deep technical expertise with practical risk management, while collaborating with AI, product, and DevOps teams.

1. Security Engineering & Automation

• Design and implement security automation frameworks for threat detection, remediation and compliance validation across cloud and application layers.
• Develop tools and scripts to enhance security visibility in AI model pipelines, APIs and data integrations.
• Integrate security controls into CI/CD workflows (SAST, DAST, SCA, IaC scanning).
• Worked on XDR/SIEM for automated detection and response.

2. Application & API Security

• Perform secure code reviews and threat modeling for AI microservices, REST APIs and agent frameworks.
• Collaborate with developers to remediate vulnerabilities and enforce secure SDLC practices.
• Lead periodic VAPT (Vulnerability Assessment & Penetration Testing) for web, mobile apps, Agentic AI platform and connected services. 
• Identified and mitigated vulnerabilities such as OTP bypass, data leaks in public GCS buckets and source code exposure.

3. Cloud & Infrastructure Security

• Secure multi-cloud (GCP/AWS) environments using native and third-party tools.
• Build and maintain IaC security baselines and automated configuration drift detection.
• Configure and manage WAF for custom DDoS and bot protection.
• Manage secrets, IAM and container security best practices across production workloads.
• Fix misconfigurations, default credentials, and public exposures across systems like Grafana, Zookeeper, and Prometheus.

4. AI & Data Security

• Continuously monitor for compromised datasets, credentials, and model theft attempts in deep/dark web spaces.
• Implement data protection mechanisms for AI training pipelines, model storage and inference endpoints.
• Evaluate and mitigate prompt injection, model leakage and data exfiltration risks in AI agents.

5. Monitoring & Incident Response

• Collaborate with internal teams to improve threat detection, alert triage and response automation.
• Monitor dark web and forums like Telegram/Russian marketplaces for leaked data, compromised credentials, and fake breach claims.
• Build dashboards and reports for proactive risk visibility.

6. Security Awareness & Leadership

• Conduct internal security training and phishing simulations.
• Mentor interns and engineers on VAPT, incident response, and secure coding.
• Advocate for organization-wide adoption of DMARC, SPF, and DKIM for email protection.

7. Compliance & Governance

• Conduct internal security training and phishing simulations.
• Contribute to ISO 27001, SOC 2, GDPR and HIPAA security controls implementation.
• Document policies, run internal audits and support external assessments.
• Manage security communications with third-party vendors (Google Security, VisitHealth, PingSafe, etc.) and ethical disclosures.

Key Requirements

• Experience: 1 - 4 years in application, cloud or product security engineering.
• Strong programming/scripting in Python, Go or Node.js (for automation).
• Deep understanding of web and mobile security, OWASP Top 10, and secure SDLC practices.
• Hands-on experience with:
• Cloud security (IAM, key management, configuration monitoring, threat detection and security monitoring using tools like CSPM, CASB, SIEM, etc.)
• IaC tools (Terraform, CloudFormation)
• CI/CD tools (GitHub Actions, Jenkins, GitLab CI)
• Strong understanding of containers (Docker, Kubernetes, EKS/GKE)
• Familiar with AI model security and data privacy principles (preferred).
• Knowledge of compliance frameworks like ISO 27001, SOC2, NIST or GDPR.
• Certifications (Good to have): OSCP, GCP/AWS Security Specialty, CEH, CISSP or CKS.

Soft Skills

• Strong analytical and problem-solving mindset.
• Excellent cross-functional collaboration.
• Passion for innovation, automation and continuous learning.