
Security Engineer II

Job type: Full Time · Department: IT & InfoSec · Work type: On-Site

Bengaluru, Karnataka, India

Role Overview:

We are looking for a skilled and driven Senior Security Engineer to join our growing security team. This role requires a hands-on professional who can evaluate and strengthen the security posture of our applications and infrastructure across Web, Android, iOS, APIs, and cloud-native environments. The ideal candidate will also lead technical triage from our bug bounty program, integrate security into the DevOps lifecycle, and contribute to building a security-first engineering culture.

Key Responsibilities:

  • Perform Security reviews, Vulnerability Assessments & Penetration Testing for Web, Android, iOS, and API endpoints

  • Perform threat modelling, anticipate potential attack vectors, and improve security architecture on complex or cross-functional components

  • Identify and remediate OWASP Top 10 and mobile-specific vulnerabilities

  • Conduct secure code reviews and red team assessments

  • Integrate SAST, DAST, SCA, and secret scanning tools into CI/CD pipelines

  • Automate security checks using tools like SonarQube, Snyk, Trivy, etc.

  • Maintain and manage vulnerability scanning infrastructure

  • Perform security assessments of AWS, Azure, and GCP environments, with an emphasis on container security, particularly for Docker and Kubernetes

  • Implement guardrails for IAM, network segmentation, encryption, and cloud monitoring

  • Contribute to infrastructure hardening for containers, Kubernetes, and virtual machines

  • Triage bug bounty reports and coordinate remediation with engineering teams

  • Act as the primary responder for external security disclosures

  • Maintain documentation and metrics related to bug bounty and penetration testing activities

  • Collaborate with developers and architects to ensure secure design decisions

  • Lead security design reviews for new features and products

  • Provide actionable risk assessments and mitigation plans to stakeholders

Required Skills & Experience:

  • 5 to 8 years of solid hands-on experience in the VAPT domain

  • Solid understanding of Web, Android, and iOS application security

  • Experience with DevSecOps tools and integrating security into CI/CD

  • Strong knowledge of cloud platforms (AWS/GCP/Azure) and their security models

  • Familiarity with bug bounty programs and responsible disclosure practices

  • Familiarity with tools like Burp Suite, MobSF, OWASP ZAP, Terraform, Checkov, etc.

  • Good knowledge of API security

  • Scripting experience (Python, Bash, or similar) for automation tasks

Preferred Qualifications:

  • OSCP, CEH, AWS Security Specialty, or similar certifications

  • Experience working in a regulated environment (e.g., FinTech, InsurTech)