Security Engineer III

Responsibilities : Perform Security reviews, Vulnerability Assessments & Penetration Testing for Web, Android, iOS, and API endpoints Perform Threat Modelling & anticipate potential attack vectors and improve security architecture on complex or cross-functional components Identify and remediate OWASP Top 10 and mobile-specific vulnerabilities Conduct secure code reviews and red team assessments Integrate SAST, DAST, SCA, and secret scanning tools into CI/CD pipelines Automate security checks using tools like SonarQube, Snyk, Trivy, etc. Maintain and manage vulnerability scanning infrastructure Perform security assessments of AWS, Azure, and GCP environments, with an emphasis on container security, particularly for Docker and Kubernetes. Implement guardrails for IAM, network segmentation, encryption, and cloud monitoring Contribute to infrastructure hardening for containers, Kubernetes, and virtual machines Triage bug bounty reports and coordinate remediation with engineering teams Act as the primary responder for external security disclosures Maintain documentation and metrics related to bug bounty and penetration testing activities Collaborate with developers and architects to ensure secure design decisions Lead security design reviews for new features and products Provide actionable risk assessments and mitigation plans to stakeholders Required Skills & Experience: 5 - 8 years of solid hands-on experience in the VAPT domain Solid understanding of Web, Android, and iOS application security Experience with DevSecOps tools and integrating security into CI/CD Strong knowledge of cloud platforms (AWS/GCP/Azure) and their security models Familiarity with bug bounty programs and responsible disclosure practices Familiarity with tools like Burp Suite, MobSF, OWASP ZAP, Terraform, Checkov..etc Good knowledge of API security Scripting experience (Python, Bash, or similar) for automation tasks Preferred Qualifications: OSCP, CEH, AWS Security Specialty, or similar certifications Experience working in a regulated environment (e.g., FinTech, InsurTech)