About Us Astra is a cybersecurity SaaS company that makes otherwise chaotic pentests a breeze with its one-of-a-kind AI-led offensive Pentest Platform Astra's continuous vulnerability scanner emulates hacker behavior to scan applications for 13,000+ security tests CTOs and CISOs love Astra because it helps them to achieve continuous security at scale, fix vulnerabilities in record time, and seamlessly transition from DevOps to DevSecOps with Astra's powerful CI/CD integrations Astra is loved by 800+ companies across 70+ countries In 2024 Astra uncovered 25 million+ vulnerabilities for its customers, saving customers $110M+ in potential losses due to security vulnerabilities We've been awarded by the President of France Mr Fran?ois Hollande at the La French Tech program and Prime Minister of India Shri Narendra Modi at the Global Conference on Cyber Security Loom, MamaEarth, Muthoot Finance, Canara Robeco, Dream 11, OLX Autos etc are a few of Astras customers Job Description: This is a remote position Role Overview: As a SDE II (Vulnerability Detection), you will be at the forefront of vulnerability research and detection engineering for our cloud-based SaaS security platform Your primary focus will be on identifying new attack techniques, researching emerging threats, and developing high-fidelity detection rules to enhance our offensive security engine This role requires a deep understanding of web, cloud, and API security, along with hands-on experience in exploiting vulnerabilities, writing detection logic, and optimizing scanning strategies You will work closely with security researchers, engineers, and product teams to ensure our platform remains ahead of evolving threats If you're passionate about offensive security, love breaking things to make them more secure, and want to shape the future of automated vulnerability detection, wed love to have you on board Roles & Responsibilities: Work in our Attack Engine Team to create vulnerability detection rules that identify exploits in web applications, cloud environments, and APIs Conduct security research on vulnerabilities, CVEs, and zero-days impacting web technologies, cloud infrastructure, and API ecosystems Develop and maintain JavaScript/GoLang-based detection logic, leveraging your programming skills to automate security analysis and exploit identification Collaborate with security researchers and engineering teams to design and implement detection modules, APIs, and automation frameworks Work in an agile development environment, contributing to the architecture, design, and implementation of Astras web security engine Research, design, develop, and troubleshoot?what you build, you own Write secure, modular, testable, and well-documented code to maintain high-quality engineering standards Adhere to strict code review and security best practices, ensuring high-quality and maintainable code Ensure timely delivery of features, maintaining transparency with technical managers regarding development progress What we are looking for: Strong analytical mindset with a passion for security research and offensive security 3-4 years' experience involving security & development experience in JavaScript (preferred) or any curly-bracket language such as C, C++, PHP Understanding of security concepts and experience with vulnerability research for Web, API, and Cloud environments Excellent problem-solving skills and strong attention to detail Strong communication and collaboration skills, with the ability to work effectively in a remote team environment Eagerness to learn and adapt to new technologies, methodologies, and evolving security threats Hands-on experience with Git for version control and collaboration Good to have: Experience using security tools such as Burp Suite, OWASP ZAP, or similar vulnerability assessment tools Understanding of Software Architecture and Design Patterns, with the ability to write scalable and maintainable code Prior experience working in a remote role, with strong self-management and collaboration skills What we offer: Adrenaline rush of being a part of a fast-growing company and working on hard problems that matter Fully remote, agile working environment Good engineering culture with full ownership in design, development, and release lifecycle A wholesome opportunity where you get to build things from scratch, improve, and ship code to production in hours, not weeks Holistic understanding of the SaaS and security industry Annual trips to beaches or mountains (last one was to Wayanad!) Open and supportive culture Health insurance & other benefits for you and your spouse (maternity benefits included)