What You'll Do
Lead end-to-end vulnerability management, from detection to resolution tracking, ensuring risks are addressed efficiently. Integrate security into the core of product development by guiding design choices for mobile apps, APIs, and microservices. Work directly with engineering teams to resolve issues, not just flag them, fostering a culture of shared responsibility.
Conduct threat modelling and risk assessments to proactively identify weaknesses and prioritize fixes. Enhance system visibility by refining monitoring, detection, and alerting capabilities. Establish and enforce security standards across the organization, ensuring consistency and compliance.
Advance DevSecOps by integrating security tools into CI/CD pipelines and automating safeguards. Strengthen cloud security across AWS, GCP, or equivalent platforms. Support regulatory compliance in sensitive environments and drive automation to reduce manual effort and scale security practices.
Requirements
- 7+ years in security engineering or related fields
- 5+ years focused on application security (AppSec)
- 3+ years conducting threat modelling and risk assessments
- 3+ years applying secure coding practices, including OWASP guidelines
- 2+ years implementing DevSecOps and securing CI/CD workflows
- 2+ years with containerization tools like Docker and Kubernetes
- 2+ years applying cryptography in real-world systems
- Proven experience in cloud environments such as AWS or GCP
- Track record of leading security initiatives and driving remediation with engineering teams
- Strong analytical skills to assess and prioritize security risks effectively
Benefits
- Fixed working hours: 12:00 PM – 9:30 PM IST (summer) or 1:00 PM – 10:30 PM IST (winter)
- No weekend commitments—real work-life balance
- Full medical insurance and company laptop provided from day one
- Access to mentorship, peer forums, and idea-sharing communities
- Opportunity for long-term growth in an inclusive, supportive environment
