Company Description VipraTech Labs is a forward-thinking technology startup specializing in end-to-end product development, security, automation, and AI-driven workflows. The company builds complete solutions, from backend to frontend, with a focus on secure, testable, and scalable code. VipraTech designs and delivers efficient products and tools while prioritizing automation of operations and AI-enhanced innovation. The team is committed to working closely with startups across regions such as NZ, AUS, SEA, Middle East, EU, and the US, offering personalized, hands-on partnership with a focus on accountability and ROI. VipraTech also invests in nurturing talent, particularly in core development, AI, and cybersecurity. Role Description As a Security Engineer – Python (AppSec Tooling & Integrations) you will turn security research and real-world testing needs into reliable, reusable Python automation . You’ll build scripts/services/CLIs that automate checks, parse results, and publish normalized findings; wrap third-party scanners and APIs behind clean adapters; and package everything into Dockerized jobs that run predictably in CI/CD and our backend pipelines. You will collaborate closely with team to convert techniques into low-false-positive tooling, add logging/metrics, and document usage so others can operate your work without hand-holding. The role is hands-on and delivery-focused: small PRs, clear acceptance criteria, scope discipline, and readable code with tests and docstrings. You’ll participate in design/code reviews, improve reliability/performance, and help evolve our starter kits and internal libraries. This is an onsite, Kota position with a strong learning culture—expect fast feedback, weekly demos, and growth toward owning modules and mentoring juniors. What you’ll do Build Python scripts, services, and CLI tools to automate security checks, data collection, and reporting. Integrate external tools (scanners/APIs/CLIs) into Dockerized workflows; write Python adapters/wrappers for consistent I/O. Develop parsers/matchers to turn raw outputs (HTTP/JSON/HTML/logs) into normalized findings and lightweight reports. Orchestrate jobs (scheduling, retries, parallel runs); add logging/metrics and basic error handling. Contribute to secure, maintainable code: small PRs, unit tests, docstrings/READMEs, and simple design notes. Collaborate with security researchers/engineers to translate techniques into repeatable, low-false-positive automation. Support CI/CD by adding linters/tests and packaging your code for reliable, reproducible runs. Participate in code reviews; suggest improvements in performance, reliability, and security hygiene. Qualifications Must-have Python proficiency: solid fundamentals (data structures, OOP, typing), HTTP clients (requests/httpx), parsing (BeautifulSoup/lxml/json/regex), CLI tooling (argparse/click), packaging/virtualenv/Poetry. Web & protocols: HTTP/HTTPS basics, cookies/sessions, headers/CORS, REST/JSON, simple auth flows (tokens/Basic). Security foundations: OWASP Top 10 concepts (XSS/SSRF/SQLi/Auth/IDOR), input validation/encoding, least privilege, secrets handling, logging for security. Tooling & automation: Linux shell, Docker (build, multi-stage, compose), Git/GitHub flow, write Python wrappers/adapters around external tools/APIs. Quality & reliability: unit tests/pytest, reproducible runs, basic error handling/retries, docstrings/README, small PR discipline. Collaboration: clear written communication, comfort with ticketing (Jira/Linear), code reviews, following acceptance criteria and scope. Good-to-have Security tools exposure: Burp Suite (extensions/Intruder), Nmap/NSE, one of ZAP/Semgrep/Trivy/Bandit, secrets scanners. Concurrency & performance: asyncio/threading/process pools; batching, back-pressure; basic profiling. Data & stores: SQLite/Postgres basics, Redis/queues for job orchestration. CI/CD basics: linters (ruff/flake8), formatters (black), simple GitHub Actions or similar. Framework awareness: basic Django/FastAPI (routes, deps, auth), simple service endpoints. Cloud familiarity: fundamentals on any one cloud (AWS/Azure/GCP)—IAM basics, container run, logs/metrics. Networking: ports/protocols, DNS/HTTP debugging, TLS/mitm basics (Burp/mitmproxy). Security mindset: threat modeling lite, reducing false positives, safe handling of test payloads; responsible disclosure etiquette. Plus points: prior bug-bounty write-ups/tools, CTFs, open-source contributions; relevant certs (eJPT, PNPT, OSCP, CEH) are a bonus—not mandatory. Education/Experience Bachelor’s in CS/IT or equivalent or strong portfolio/GitHub demonstrating Python tooling. 0–2 years for entry/junior; we value proof of work over years.
Wait!
Before You Leave... Find Your Perfect Job!
Are you sure you don't want to discover the perfect job opportunity? At JobPe, we help you find the best career matches, tailored to your skills and preferences. Don’t miss out on your dream job!