Security Engineer

Company Description

VipraTech Labs is a forward-thinking technology startup specializing in end-to-end product development, security, automation, and AI-driven workflows. The company builds complete solutions, from backend to frontend, with a focus on secure, testable, and scalable code. VipraTech designs and delivers efficient products and tools while prioritizing automation of operations and AI-enhanced innovation. The team is committed to working closely with startups across regions such as NZ, AUS, SEA, Middle East, EU, and the US, offering personalized, hands-on partnership with a focus on accountability and ROI. VipraTech also invests in nurturing talent, particularly in core development, AI, and cybersecurity.

Role Description

Security Engineer – Python (AppSec Tooling & Integrations)

What you’ll do

• Build

  Python

  scripts, services, and CLI tools to automate security checks, data collection, and reporting.
• Integrate external tools (scanners/APIs/CLIs) into

  Dockerized

  workflows; write Python adapters/wrappers for consistent I/O.
• Develop parsers/matchers to turn raw outputs (HTTP/JSON/HTML/logs) into normalized findings and lightweight reports.
• Orchestrate jobs (scheduling, retries, parallel runs); add logging/metrics and basic error handling.
• Contribute to secure, maintainable code: small PRs, unit tests, docstrings/READMEs, and simple design notes.
• Collaborate with security researchers/engineers to translate techniques into

  repeatable, low-false-positive

  automation.
• Support CI/CD by adding linters/tests and packaging your code for reliable, reproducible runs.
• Participate in code reviews; suggest improvements in performance, reliability, and security hygiene.

Qualifications

Must-have

• Python proficiency:

  solid fundamentals (data structures, OOP, typing),

  HTTP clients

  (requests/httpx),

  parsing

  (BeautifulSoup/lxml/json/regex), CLI tooling (argparse/click), packaging/virtualenv/Poetry.

• Web & protocols:

  HTTP/HTTPS basics, cookies/sessions, headers/CORS, REST/JSON, simple auth flows (tokens/Basic).

• Security foundations:

  OWASP Top 10 concepts (XSS/SSRF/SQLi/Auth/IDOR), input validation/encoding, least privilege, secrets handling, logging for security.

• Tooling & automation:

  Linux shell,

  Docker

  (build, multi-stage, compose), Git/GitHub flow, write Python

  wrappers/adapters

  around external tools/APIs.

• Quality & reliability:

  unit tests/pytest, reproducible runs, basic error handling/retries, docstrings/README, small PR discipline.

• Collaboration:

  clear written communication, comfort with ticketing (Jira/Linear), code reviews, following acceptance criteria and scope.

Good-to-have

• Security tools exposure:

  Burp Suite (extensions/Intruder), Nmap/NSE, one of ZAP/Semgrep/Trivy/Bandit, secrets scanners.

• Concurrency & performance:

  asyncio/threading/process pools; batching, back-pressure; basic profiling.

• Data & stores:

  SQLite/Postgres basics, Redis/queues for job orchestration.

• CI/CD basics:

  linters (ruff/flake8), formatters (black), simple GitHub Actions or similar.

• Framework awareness:

  basic Django/FastAPI (routes, deps, auth), simple service endpoints.

• Cloud familiarity:

  fundamentals on any one cloud (AWS/Azure/GCP)—IAM basics, container run, logs/metrics.

• Networking:

  ports/protocols, DNS/HTTP debugging, TLS/mitm basics (Burp/mitmproxy).

• Security mindset:

  threat modeling lite, reducing false positives, safe handling of test payloads; responsible disclosure etiquette.

• Plus points:

  prior bug-bounty write-ups/tools, CTFs, open-source contributions; relevant certs (eJPT, PNPT, OSCP, CEH) are a bonus—not mandatory.

Education/Experience

• Bachelor’s in CS/IT or equivalent

  or

  strong portfolio/GitHub demonstrating Python tooling.
• 0–2 years for entry/junior; we value

  proof of work

  over years.