POSITION OVERVIEW

We are looking for an experienced Security Engineer with 7-10 years of proven expertise in application, infrastructure, and cloud security. The ideal candidate will have hands-on experience in penetration testing, DevSecOps practices, cloud security (AWS & Azure), and security architecture. They will also play a key role in building a strong security culture, driving awareness, and collaborating with multiple teams to integrate security seamlessly across the organization.

QUALIFICATIONS

• Bachelor’s or Master’s degree in Computer Science, Information Security, or related field.
• 7-10 years of experience in information security roles.
• Strong expertise in penetration testing (web, mobile, API) with hands-on experience.
• Hands-on experience with SAST, DAST, SCA, IaC scanning, and container security tools (e.g., SemGrep, Checkmarx, Veracode, BurpSuite, ZAP, Prisma, Trivy, etc.).
• Deep understanding of DevSecOps principles, CI/CD pipeline security, and security automation.
• Knowledge of cloud security best practices in AWS and Azure (e.g., IAM, networking, encryption, monitoring).
• Familiarity with Kubernetes, Docker, and container runtime security.
• Solid grasp of security architecture and secure design principles.
• Strong scripting skills (Python, Bash, or similar).
• Excellent communication and stakeholder management skills.

SOFT SKILLS

• Strong analytical and problem-solving mindset.
• Ability to explain technical risks to non-technical audiences.
• Collaborative approach, working effectively with development, DevOps, product, and leadership teams.
• Passion for continuous learning and building a culture of security.

• Perform penetration testing of web applications, mobile applications, and APIs.
• Perform secure code reviews to identify vulnerabilities in application code, scripts, and configurations.
• Configure, fine-tune, and review results from SAST, DAST, IaC, container, and dependency scanning tools.
• Drive DevSecOps initiatives, including security integration in CI/CD pipelines.
• Review and enhance Kubernetes security, container security, and infrastructure security.
• Contribute to security architecture design and reviews for applications, infrastructure, and cloud.
• Conduct threat modeling, risk assessments, and vulnerability management.
• Establish and deliver security training, awareness sessions, and best practices to teams.
• Collaborate with development, DevOps, and infrastructure teams to ensure secure design and delivery.
• Act as a security advisor to stakeholders, explaining risks and recommendations in simple, non-technical terms.
• Participate in incident response and post-incident reviews, ensuring lessons learned are applied.
• Stay updated on emerging threats, attack techniques, and new security technologies.