Security Engineer

Job Role: Security Engineer

Location:

Employment Type:

Team:

Role Overview

Senior Security Engineer

hands-on breaker-builder

Key Responsibilities

Security Engineering & Automation

• Design and implement

  security automation frameworks

  for threat detection, remediation and compliance validation across cloud and application layers.
• Develop tools and scripts to enhance security visibility in

  AI model pipelines

  , APIs and data integrations.
• Integrate security controls into CI/CD workflows (SAST, DAST, SCA, IaC scanning).
• Worked on

  XDR/SIEM

  for automated detection and response.

Application & API Security

• Perform

  secure code reviews

  and threat modeling for

  AI microservices, REST APIs and agent frameworks

  .
• Collaborate with developers to remediate vulnerabilities and enforce secure SDLC practices.
• Lead periodic

  VAPT (Vulnerability Assessment & Penetration Testing)

  for web, mobile apps, Agentic AI platform and connected services.
• Identified and mitigated vulnerabilities such as

  OTP bypass

  ,

  data leaks in public GCS buckets

  and

  source code exposure

  .

Cloud & Infrastructure Security

• Secure multi-cloud (GCP/AWS) environments using native and third-party tools.
• Build and maintain

  IaC security baselines

  and automated configuration drift detection.
• Configure and manage

  WAF

  for custom DDoS and bot protection.
• Manage

  secrets, IAM and container security

  best practices across production workloads.
• Fix misconfigurations, default credentials, and public exposures across systems like Grafana, Zookeeper, and Prometheus.

AI & Data Security

• Continuously monitor for compromised datasets, credentials, and model theft attempts in deep/dark web spaces.
• Implement

  data protection mechanisms

  for AI training pipelines, model storage and inference endpoints.
• Evaluate and mitigate

  prompt injection

  ,

  model leakage

  and

  data exfiltration

  risks in AI agents.

Monitoring & Incident Response

• Collaborate with internal teams to improve

  threat detection

  , alert triage and response automation.
• Monitor dark web and forums like Telegram/Russian marketplaces for leaked data, compromised credentials, and fake breach claims.
• Build dashboards and reports for proactive risk visibility.

Security Awareness & Leadership

• Conduct internal security training and phishing simulations.
• Mentor interns and engineers on VAPT, incident response, and secure coding.
• Advocate for organization-wide adoption of

  DMARC

  ,

  SPF

  , and

  DKIM

  for email protection.

Compliance & Governance

• Contribute to

  ISO 27001, SOC 2, GDPR and HIPAA

  security controls implementation.
• Document policies, run internal audits and support external assessments.
• Manage security communications with third-party vendors (Google Security, VisitHealth, PingSafe, etc.) and ethical disclosures.

Key Requirements

• Experience:

  2-6 years in application, cloud or product security engineering.

• Strong programming/scripting

  in Python, Go or Node.js (for automation).
• Deep understanding of

  web and mobile security

  ,

  OWASP Top 10

  , and

  secure SDLC

  practices.
• Hands-on experience with:
• Cloud security (IAM, key management, configuration monitoring, threat detection and security monitoring using tools like CSPM, CASB, SIEM, etc.)
• IaC tools (Terraform, CloudFormation)
• CI/CD tools (GitHub Actions, Jenkins, GitLab CI)
• Strong understanding of containers (Docker, Kubernetes, EKS/GKE)
• Familiar with

  AI model security

  and

  data privacy principles

  (preferred).
• Knowledge of

  compliance frameworks

  like ISO 27001, SOC2, NIST or GDPR.
• Certifications (Good to have):

  OSCP, GCP/AWS Security Specialty, CEH, CISSP or CKS

  .

Soft Skills

• Strong analytical and problem-solving mindset.
• Excellent cross-functional collaboration.
• Passion for innovation, automation and continuous learning.