Senior Security Engineer

Job Description

Your responsibilities: • Implement zero-trust security principles. • Design and implement security controls across cloud infrastructure and applications. • Build and maintain security-focused CI/CD pipelines with automated scanning. • Lead security incident response and vulnerability management programs. • Implement infrastructure as code (IaC) security controls and best practices. • Create self-service security tools and automation for development teams. • Set up and manage SIEM, logging, and security monitoring systems. • Conduct threat modeling and risk assessments for existing & new features. • Perform security architecture reviews and penetration testing. • Implement container and Kubernetes security controls. • Manage cloud security posture and implement security best practices and documentation. • Participate in on-call rotation for security incidents. • Drive security awareness and training initiatives across engineering teams. Educational Qualifications: • Bachelor's or master's degree in a quantitative field (e.g., Mathematics, Engineering, Computer Science). What are we looking for: • 6+ years of hands-on experience in security engineering and DevSecOps. • Strong analytical and problem-solving abilities. • Strong programming abilities in Python, Go or scripting languages. • Expert knowledge of CI/CD tools (GoCD, Jenkins, GitHub Actions, GitLab) • Deep understanding of cloud security in AWS/Azure/GCP. • Experience with container security and Kubernetes. • Proficiency in implementing and managing tools like Burp Suite, SAST/DAST. • Hands-on experience with Infrastructure as Code (Terraform). • Experience with security monitoring and SIEM systems. • Proven track record in security automation and tool development. • Practical experience in penetration testing and vulnerability assessment. • Experience with DevOps practices and modern development workflows. • Ability to mentor teams and drive security initiatives. • Experience in incident response and threat hunting. • [Bonus Points] Experience participating in bug bounty programs. Good to have skills: • Relevant security certifications like OSCP, CISSP, CEH. • Cloud certifications (AWS Security, CKS, CKAD). • Understanding of compliance frameworks (SOC 2, ISO 27001). • Understanding of distributed systems & technologies. • Ability to drive decisions in technology choices. Professional traits: • Self-motivated, persistent and Never Give Up” attitude. • Passion for innovation and adaptability to a lean startup culture. • Giving full attention to what other people are saying, taking time to understand the points being made, asking questions as appropriate. Note: We prioritize hands-on experience and demonstrated skills over certifications