Posted: 17 hours ago
Platform:
On-site
Full Time
Yes Madam is a fast-growing, tech-driven company transforming home wellness and personal care. As we scale, security is paramount to protect our customers, partners, and products. We're looking for a Security Engineer with 4-6 YOE who thrives on identifying vulnerabilities, building secure systems, and collaborating across teams to build a robust security culture.

What You’ll Do
As a Security Engineer at Yes Madam, you'll be responsible for driving application and infrastructure security initiatives across our tech ecosystem. You will:

Application & Offensive Security
- Perform comprehensive security assessments (VAPT) of mobile apps (Android & iOS), web applications, APIs, and internal assets.
- Triage any submitted issues (good to have: high-ranking profiles on HackerOne, Bugcrowd, or Synack).
- Conduct code reviews to detect critical security flaws.

Mobile Security Focus
- Perform deep-dive assessments of mobile applications using tools like Frida, Objection, MobSF, Drozer, etc.
- Identify vulnerabilities aligned with OWASP MASVS and OWASP Mobile Top 10.
- Collaborate with mobile dev teams to remediate findings and raise the bar for app security.

Cloud & Infra Security
- Perform penetration testing and security reviews of cloud infrastructure (AWS/Azure/GCP).
- Evaluate configurations against CIS Benchmarks, and provide actionable recommendations.
- Review IaC (Terraform, CloudFormation) for misconfigurations.

DevSecOps & Automation
- Integrate security tools (SAST, DAST, SCA) into CI/CD pipelines.
- Enable scalable and automated security scanning throughout the SDLC.
- Define and monitor key security KPIs and metrics.

Collaboration & Remediation
- Partner with DevOps, engineering, and product teams to prioritize and remediate vulnerabilities.
- Lead threat modeling and security reviews during the design phase of features.
- Promote secure coding practices through training, code examples, and mentorship.

Security Culture & Awareness
- Actively contribute to building a strong security-first mindset within engineering.
- Help establish and scale a Security Champions program.
- Stay up-to-date with evolving security threats and lead internal knowledge-sharing sessions.
What Are You Bringing?
- 4–6 years of hands-on experience in security engineering, offensive security, or application security.
- Proven success in public/private bug bounty programs with recognized submissions.
- Strong grasp of OWASP Top 10 (Web & Mobile) and common exploit techniques.
- Experience conducting mobile application security testing for Android & iOS.
- Understanding of code scanning (SAST) and runtime/dynamic testing (DAST) methodologies.
- Proficiency in scripting languages (e.g., Python, Bash) to automate common tasks.
- Solid grasp of network security and common misconfigurations.
- Ability to take ownership, stay curious, and drive initiatives end-to-end.
- Experience in cloud penetration testing or cloud infrastructure reviews (AWS/GCP/Azure).
- Familiarity with DevSecOps, threat modeling, and CI/CD security integration.
- Contributions to open-source security tools, writeups, or conference talks.
- Understanding of compliance frameworks (ISO 27001, SOC 2, CIS, NIST).
- Hands-on exposure to tools like Burp Suite, Nmap, Wireshark, Nessus, Metasploit, ZAP, etc.
Job Type: Full-time
Pay: ₹1,200,000.00 - ₹1,500,000.00 per year
Work Location: In person
Notion Online Solutions Pvt. Ltd/ yesMadam