Role - Security EngineerExperience - 3-6 yrsLocation - BangaloreRequired Skills & Experience:● 3 to 6 years of solid hands-on experience in the VAPT domain● Solid understanding of Web, Android, and iOS application security● Experience with DevSecOps tools and integrating security into CI/CD● Strong knowledge of cloud platforms (AWS/GCP/Azure) and their security models● Familiarity with bug bounty programs and responsible disclosure practices● Familiarity with tools like Burp Suite, MobSF, OWASP ZAP, Terraform, Checkov..etc● Good knowledge of API security● Scripting experience (Python, Bash, or similar) for automation tasksPreferred Qualifications:● OSCP, CEH, AWS Security Specialty, or similar certifications● Experience working in a regulated environment (e.g., FinTech, InsurTech)Responsibilities:● Perform Security reviews, Vulnerability Assessments & Penetration Testing for Web, Android, iOS, and API endpoints● Perform Threat Modelling & anticipate potential attack vectors and improve security architecture on complex or cross-functional components● Identify and remediate OWASP Top 10 and mobile-specific vulnerabilities● Conduct secure code reviews and red team assessments● Integrate SAST, DAST, SCA, and secret scanning tools into CI/CD pipelines● Automate security checks using tools like SonarQube, Snyk, Trivy, etc.● Maintain and manage vulnerability scanning infrastructure● Perform security assessments of AWS, Azure, and GCP environments, with an emphasis on container security, particularly for Docker and Kubernetes.● Implement guardrails for IAM, network segmentation, encryption, and cloud monitoring● Contribute to infrastructure hardening for containers, Kubernetes, and virtual machines● Triage bug bounty reports and coordinate remediation with engineering teams● Act as the primary responder for external security disclosures● Maintain documentation and metrics related to bug bounty and penetration testing activities● Collaborate with developers and architects to ensure secure design decisions● Lead security design reviews for new features and products● Provide actionable risk assessments and mitigation plans to stakeholders
Job Title
Security Engineer