Security Engineer 3
Job type: Full Time · Department: Engineering · Work type: On-Site
Bellandur, Karnataka, India
Security Engineer – 3
End-to-End Security Posture, Architecture & Automation Leadership
Location: Bangalore (Work From Office)
Reports to: CISO
Cashfree Payments manages mission-critical payment and API infrastructure under RBI and
PCI-DSS compliance. We require uncompromising security and resilience to handle
high-volume financial transactions. We are building an automation-first, intelligence-driven
security organization designed to scale with business growth without linear headcount
expansion.
Role Summary
The Security Engineer - 3 owns the security engineering strategy across application, cloud, and
detection. This role partners closely with Engineering, Platform, and GRC teams, with the
authority to define security standards, guardrails, and architectural baselines.
This is an engineering-driven security leadership position, not a ticket-triage or
compliance reporting role.
We seek a highly autonomous, hands-on security engineer to own and elevate the
organization’s security posture end-to-end. This is a builder’s role focused on designing scalable
systems.
The role requires someone who:
● Operates independently, converting ambiguity into structured execution.
● Defines measurable security KPIs and delivers sustained improvement.
● Engineers scalable automation across the security lifecycle.
● Leads technical decision-making and mentors team members.
● Leverages AI and emerging technologies to amplify security impact.
Key Responsibilities
Enterprise Security Posture & Risk Engineering
● Define and track measurable KPIs (risk reduction, MTTR).
● Design and operationalize vulnerability lifecycle management.
● Translate RBI and PCI-DSS expectations into automated technical controls and build
engineering-driven audit readiness frameworks.
● Identify and eliminate systemic security weaknesses.
Secure Architecture & Cloud Security Engineering
● Architect and secure multi-account AWS environments and harden Kubernetes (EKS).
Implement Zero Trust principles (mTLS, OAuth2, OIDC, JWT).
● Engineer IAM, secrets management, encryption controls, and network segmentation
(VPC architecture, WAF).
● Embed security controls into Infrastructure-as-Code (Terraform).
Shift-Left & DevSecOps Automation at Scale
● Architect fully automated CI/CD-integrated security testing (SAST, DAST, SCA,
Container scanning, IaC scanning, Secrets detection).
● Build policy-as-code guardrails, engineer contextual vulnerability prioritization, and drive
security-as-code adoption to reduce manual review dependency.
Offensive Security & Threat Modeling Leadership
● Oversee and coordinate periodic VAPT engagements (internal and external).
● Conduct advanced white-box security assessments and lead structured threat modeling
(STRIDE).
● Review authentication/authorization logic, evaluate API attack surfaces, and
demonstrate exploitability where necessary.
Detection Engineering, Incident Leadership & Response Maturity
● Design scalable detection strategies using cloud-native telemetry (CloudTrail,
Kubernetes logs) and SIEM/SOAR.
● Engineer contextual alerting, lead technical response during incidents, drive root cause
analysis, and improve detection/response automation.
AI-Driven Security Innovation
● Implement AI-assisted secure code review and vulnerability triage.
● Identify and mitigate LLM security risks.
● Automate prioritization using contextual risk signals and continuously evaluate emerging
AI-driven security technologies.
Technical Leadership & Team Elevation
● Mentor team members, establish reusable security frameworks and engineering standards,
influence architecture decisions, and build scalable security systems.
Technology Environment
● AWS (multi-account architecture)
● Kubernetes (EKS-based microservices)
● API-driven services (Java / Go / Node ecosystem)
● CI/CD pipelines (Git-based workflows)
● Infrastructure as Code (Terraform)
● Centralized logging and monitoring stack
Required Qualifications and Expertise
● B.Tech. in Computer Science, Electrical, or Computer Engineering, or equivalent work
experience as a software engineering or security practitioner.
● 7+ years of deep hands-on security engineering experience (or equivalent architectural
depth).
● Proven track record of independently driving security transformation.
● Strong expertise in: AWS security architecture, Kubernetes & container security, Secure
SDLC & CI/CD integration, IaC security, API & authentication security, Vulnerability
lifecycle management, and Detection engineering.
● Strong programming/scripting skills (Python/Go).
● Experience correlating technical risk to business impact.
● Ability to operate effectively without detailed managerial direction.
What Excellence Looks Like
● Security posture measurably improves quarter over quarter.
● Automation replaces repetitive manual effort.
● Critical vulnerabilities decline structurally.
● Detection and remediation timelines consistently improve.
● Audit cycles become predictable and engineering-driven.
● Security scales without proportional headcount growth.