Senior Security Engineer · Bengaluru

What You’ll Do

• Mentor junior Security Engineers and Security Champions on security best practices and techniques.

• Improve our security tooling and processes.

• Conduct security talks and training sessions.

• Identify critical flaws and weaknesses in our web applications, services and our cloud infrastructure then design and implement strategic solutions to remediate them.

• Write and review technical proposals, architectural diagrams, application code and IaC.

• Use automated and manual testing techniques to gain a better understanding of the environment and reduce false negatives.

• Reduce manual security review efforts by improving our tooling and processes.

• Improve the scope of our assessments by adding new techniques and new categories of vulnerability assessments.

• Consolidate and track vulnerabilities across our organisation and our supply chain to assist in identifying areas to focus our security uplift efforts.

• Review and define requirements for developing and deploying secure products; create guidelines and standards to meet these requirements.

• Work closely with the team to build systems that protect against and eradicate entire classes of vulnerabilities.

About You

• Experience working as a Senior Security Engineer with deep involvement in securing modern web applications and APIs.

• Experience conducting threat modelling, security reviews and risk assessments.

• Solid project management experience leading initiatives that have measurably improved the security of organisations.

• Proficient in one or more high-level programming languages.

• Proficient with common developer tools and processes such as Github, CI/CD, containers and orchestration, IaaS/PaaS, APIs, Websockets, Databases, Front-End and Back-End systems.

• Experience securing Data to meet various privacy framework and regulation requirements.

• Deep understanding and experience in securing AWS environments.

• Experience in deploying AppSec tools (e.g., SAST, SCA, WAF etc) throughout the stages of the SDLC to ensure the most relevant vulnerabilities are surfaced and false positives are kept to a minimum.

• Understanding of web security mechanisms (such as SOP, CORS, CSP, Subresource Integrity, and same-site cookies).

• Strong understanding of various authentication/authorization protocols e.g. OAuth, SAML and JWT.