Security Engineer 3 at Cashfree Payments India Private Limited

Bellandur, karnataka, India -

Full Time

Start Date

Immediate

Expiry Date

27 May, 26

Salary

0.0

Posted On

26 Feb, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Security Posture, Architecture, Automation, Cloud Security, Detection Engineering, Zero Trust, IaC, Terraform, CI/CD, SAST, DAST, Threat Modeling, SIEM, SOAR, Python, Go

Industry

Financial Services

Description

Security Engineer – 3 End-to-End Security Posture, Architecture & Automation Leadership Location: Bangalore (Work From Office) Reports to: CISO Cashfree Payments manages mission-critical payment and API infrastructure under RBI and PCI-DSS compliance. We require uncompromising security and resilience to handle high-volume financial transactions. We are building an automation-first, intelligence-driven security organization designed to scale with business growth without linear headcount expansion. Role Summary The Security Engineer - 3 owns the security engineering strategy across application, cloud, and detection. This role partners closely with Engineering, Platform, and GRC teams, with the authority to define security standards, guardrails, and architectural baselines. This is an engineering-driven security leadership position, not a ticket-triage or compliance reporting role. We seek a highly autonomous, hands-on security engineer to own and elevate the organization’s security posture end-to-end. This is a builder’s role focused on designing scalable systems. The role requires someone who: ● Operates independently, converting ambiguity into structured execution. ● Defines measurable security KPIs and delivers sustained improvement. ● Engineers scalable automation across the security lifecycle. ● Leads technical decision-making and mentors team members. ● Leverages AI and emerging technologies to amplify security impact. Key Responsibilities Enterprise Security Posture & Risk Engineering ● Define and track measurable KPIs (risk reduction, MTTR). ● Design and operationalize vulnerability lifecycle management. ● Translate RBI and PCI-DSS expectations into automated technical controls and build engineering-driven audit readiness frameworks. ● Identify and eliminate systemic security weaknesses. Secure Architecture & Cloud Security Engineering ● Architect and secure multi-account AWS environments, hardening Kubernetes (EKS). Implement Zero Trust principles (mTLS, OAuth2, OIDC, JWT). ● Engineer IAM, secrets management, encryption controls, and network segmentation (VPC architecture, WAF). ● Embed security controls into Infrastructure-as-Code (Terraform). Shift-Left & DevSecOps Automation at Scale ● Architect fully automated CI/CD-integrated security testing (SAST, DAST, SCA, Container scanning, IaC scanning, Secrets detection). ● Build policy-as-code guardrails, engineer contextual vulnerability prioritization, and drive security-as-code adoption to reduce manual review dependency. Offensive Security & Threat Modeling Leadership ● Oversee and coordinate periodic VAPT engagements (internal and external). ● Conduct advanced white-box security assessments and lead structured threat modeling (STRIDE). ● Review authentication/authorization logic, evaluate API attack surfaces, and demonstrate exploitability where necessary. Detection Engineering, Incident Leadership & Response Maturity ● Design scalable detection strategies using cloud-native telemetry (CloudTrail, Kubernetes logs) and SIEM/SOAR. ● Engineer contextual alerting, lead technical response during incidents, drive root cause analysis, and improve detection/response automation. AI-Driven Security Innovation ● Implement AI-assisted secure code review and vulnerability triage. ● Identify and mitigate LLM security risks. ● Automate prioritization using contextual risk signals and continuously evaluate emerging AI-driven security technologies. Technical Leadership & Team Elevation Mentor team members, establish reusable security frameworks and engineering standards, influence architecture decisions, and build scalable security systems. Technology Environment ● AWS (multi-account architecture) ● Kubernetes (EKS-based microservices) ● API-driven services (Java / Go / Node ecosystem) ● CI/CD pipelines (Git-based workflows) ● Infrastructure as Code (Terraform) ● Centralized logging and monitoring stack Required Qualifications and Expertise ● B.Tech. in Computer Science, Electrical, or Computer Engineering, or equivalent work experience as a software engineering or security practitioner. ● 7+ years of deep hands-on security engineering experience (or equivalent architectural depth). ● Proven track record of independently driving security transformation. ● Strong expertise in: AWS security architecture, Kubernetes & container security, Secure SDLC & CI/CD integration, IaC security, API & authentication security, Vulnerability lifecycle management, and Detection engineering. ● Strong programming/scripting skills (Python/ Go). ● Experience correlating technical risk to business impact. ● Ability to operate effectively without detailed managerial direction. What Excellence Looks Like ● Security posture measurably improves quarter over quarter. ● Automation replaces repetitive manual effort. ● Critical vulnerabilities decline structurally. ● Detection and remediation timelines consistently improve. ● Audit cycles become predictable and engineering-driven. ● Security scales without proportional headcount growth.

Responsibilities

This Security Engineer role owns the security engineering strategy across application, cloud, and detection, defining standards and architectural baselines in partnership with Engineering and GRC teams. Key duties include engineering scalable automation, designing secure AWS/Kubernetes environments, implementing Zero Trust, and leading technical decision-making for security posture improvement.