Security Engineer

Location: Hyderabad
Job Type: Full-time Work from Office Experience Level: Senior-Level

Summary:

We are seeking a detail-oriented and experienced Security Engineer to join our team. The ideal candidate will be responsible for designing and implementing security measures across our web, desktop, and cloud-based applications. You will play a critical role in safeguarding our infrastructure, identifying vulnerabilities, and ensuring compliance with best practices and security standards.

Key Responsibilities:

• Design and implement security controls and best practices across web, desktop and cloud environments.
• Conduct threat modelling, risk assessments, and vulnerability scans on applications and infrastructure.
• Perform regular penetration testing and code reviews to identify security flaws.
• Collaborate with development and DevOps teams to remediate vulnerabilities in CI/CD pipelines.
• Monitor systems and applications for unusual activity and respond to security incidents.
• Stay up to date with the latest threats, attack vectors, and mitigation techniques.
• Ensure compliance with relevant regulations and frameworks (e.g., ISO 27001, GDPR, SOC 2, HIPAA).
• Implement and manage tools such as SIEM, WAF, IDS/IPS, endpoint protection, and SAST/DAST tools.
• Educate and train engineering teams on security awareness and secure coding practices.

Required Skills & Qualifications:

• Bachelors degree in computer science, Cybersecurity, or a related field.
• 4+ years of experience in application and infrastructure security.
• Strong understanding of secure software development, OWASP Top 10, and common exploits.
• Experience securing web technologies (HTML, CSS, JS, REST APIs) and desktop applications (Windows/macOS/Linux).
• Solid knowledge of cloud security best practices for platforms like AWS, Azure, or GCP.
• Proficiency with security tools such as Burp Suite, Metasploit, Wireshark, Nessus, or Snort.
• Experience with scripting languages like Python, PowerShell, or Bash.
• Familiarity with infrastructure-as-code security (Terraform, CloudFormation, etc.) is a plus.
• Hands-on experience with DevsecOps practices and integrating security into CI/CD pipelines.

Preferred but not Mandatory Qualifications:

• Relevant certifications: CEH, OSCP, CISSP, GIAC, or AWS/Azure Security certifications.
• Experience implementing Zero Trust Architecture and IAM policies.\
• Experience with endpoint and EDR tools (CrowdStrike, Sentinel One, etc.).
• Knowledge of container and Kubernetes security practices.

Soft Skills:

• Excellent analytical and troubleshooting skills.
• Strong communication and documentation abilities.
• Ability to work independently and collaboratively in a fast-paced environment.
• Proactive mindset toward risk management and security posture improvement.