
Security Engineer - Contract

Job type: Contract · Department: IT & InfoSec · Work type: On-Site

Bengaluru, Karnataka, India

About Job

We are looking for a skilled and driven Security Engineer to join our growing security team. This role requires a hands-on professional who can evaluate and strengthen the security posture of our applications and infrastructure across Web, Android, iOS, APIs, and cloud-native environments. The ideal candidate will also lead technical triage from our bug bounty program, integrate security into the DevOps lifecycle, and contribute to building a security-first engineering culture.

Skills & Qualification

  • Required Skills & Experience:

    • 4 to 5 years of solid hands-on experience in the VAPT domain

    • Solid understanding of Web, Android, and iOS application security

    • Experience with DevSecOps tools and integrating security into CI/CD

    • Strong knowledge of cloud platforms (AWS/GCP/Azure) and their security models

    • Familiarity with bug bounty programs and responsible disclosure practices

    • Familiarity with tools like Burp Suite, MobSF, OWASP ZAP, Terraform, Checkov, etc.

    • Good knowledge of API security

    • Scripting experience (Python, Bash, or similar) for automation tasks

  • Preferred Qualifications:

    • OSCP, CEH, AWS Security Specialty, or similar certifications

    • Experience working in a regulated environment (e.g., FinTech, InsurTech)

Responsibilities

  • Perform security reviews, vulnerability assessments, and penetration testing for Web, Android, iOS, and API endpoints

  • Perform threat modelling to anticipate potential attack vectors and improve security architecture on complex or cross-functional components

  • Identify and remediate OWASP Top 10 and mobile-specific vulnerabilities

  • Conduct secure code reviews and red team assessments

  • Integrate SAST, DAST, SCA, and secret scanning tools into CI/CD pipelines

  • Automate security checks using tools like SonarQube, Snyk, Trivy, etc.

  • Maintain and manage vulnerability scanning infrastructure

  • Perform security assessments of AWS, Azure, and GCP environments, with an emphasis on container security, particularly for Docker and Kubernetes

  • Implement guardrails for IAM, network segmentation, encryption, and cloud monitoring

  • Contribute to infrastructure hardening for containers, Kubernetes, and virtual machines

  • Triage bug bounty reports and coordinate remediation with engineering teams

  • Act as the primary responder for external security disclosures

  • Maintain documentation and metrics related to bug bounty and penetration testing activities

  • Collaborate with developers and architects to ensure secure design decisions

  • Lead security design reviews for new features and products

  • Provide actionable risk assessments and mitigation plans to stakeholders