Lead Security Engineer

This is a fully remote position, open to applicants in India.

📋 Description

• Conduct and oversee both manual and automated penetration testing across applications, APIs, and cloud services.

• Lead threat modeling and secure architecture evaluations across application and infrastructure layers.

• Partner with Infra/DevOps to design cloud network architecture, encompassing VPC design, security groups, routing, and segmentation.

• Develop and provide guidance on cloud-native security measures such as IAM hardening, role boundaries, secrets management, and the principle of least privilege.

• Assess and enhance the security posture of Kubernetes and container environments, focusing on runtime, image, and network layers.

• Execute secure-by-default methodologies throughout the Software Development Life Cycle (SDLC), Continuous Integration/Continuous Deployment (CI/CD), and Infrastructure-as-Code practices.

• Keep abreast of emerging threats, Common Vulnerabilities and Exposures (CVEs), and vulnerabilities pertinent to our technology stack (web, cloud, infrastructure).

• Shape internal security tools, automation workflows, and security review protocols.

• Act as a security consultant for engineering, Site Reliability Engineering (SRE), and product teams involved in key projects.

⛳️ Requirements

• Over 8 years of cumulative experience in Application Security, Security Engineering, or Penetration Testing positions.

• Robust hands-on expertise in threat modeling, secure architecture assessments, and penetration testing.

• Familiarity with OWASP Top 10, STRIDE, and contemporary security frameworks.

• Proficient in utilizing tools such as Burp Suite, ZAP, Snyk, Metasploit, and Semgrep.

• Capability to read and interpret code (for example, JavaScript, Go, PHP, or Node.js).

• Practical understanding of cloud security principles, with a preference for AWS.

🏝️ Benefits

• Health insurance coverage.

• 401(k) matching contributions.

• Flexible working hours.

• Paid time off.

• Options for remote work.