Job description
Job Title: Staff/Lead Security Engineer
Location: Bengaluru
Experience: 8+ years
Employment Type: Full-time
Team: Security Engineering
Role Overview
We're looking for a Staff / Lead Security Engineer to own and elevate our security posture across AI platforms, microservices, data pipelines and mobile/web products.
You'll design and build scalable security controls that integrate seamlessly into CI/CD and cloud infrastructure, blending deep technical depth with practical risk judgment.
This is a breaker-builder role; you'll collaborate closely with AI, Product and DevOps teams to embed security from the ground up.
Key Responsibilities:
Security Engineering & Automation
● Design and implement security automation frameworks for threat detection, remediation and compliance validation across cloud and application layers.
● Operate SentinelOne EDR/XDR and SIEM platforms for automated detection and response workflows.
● Develop tooling to improve security visibility across AI model pipelines, APIs and data integrations.
● Integrate security controls (SAST, DAST, SCA, IaC scanning) into CI/CD workflows via tools like Arnica.
Application & API Security
● Configure and manage Reblaze WAF for custom DDoS and bot protection.
● Conduct secure code reviews and threat modeling for AI microservices, REST APIs and agentic frameworks.
● Partner with engineering teams to remediate vulnerabilities and enforce secure SDLC practices.
● Lead periodic VAPT (Vulnerability Assessment & Penetration Testing) for web, mobile and Agentic AI platforms.
Cloud & Infrastructure Security
● Secure multi-cloud (GCP/AWS) environments using native security services and third-party tooling.
● Build and maintain IaC security baselines with automated configuration drift detection.
● Manage secrets, IAM policies and container security across production workloads.
● Architect and enforce Zero Trust Network Access (ZTNA) policies across internal services, cloud workloads and third-party integrations.
● Identify and remediate misconfigurations, exposed defaults and public exposures across systems like Grafana, Zookeeper and Prometheus.
AI & Data Security
● Continuously monitor for compromised datasets, credentials and model theft attempts across deep/dark web channels.
● Implement data protection controls for AI training pipelines, model storage and inference endpoints.
● Deploy and tune DLP (Data Loss Prevention) policies to prevent sensitive data exfiltration across SaaS, cloud and endpoint channels.
● Leverage CASB solutions to enforce security policies, gain visibility and control data movement across cloud applications.
● Evaluate and mitigate risks including prompt injection, model leakage and data exfiltration in AI agent deployments.
Monitoring, Threat Hunting & Incident Response
● Drive improvements to threat detection, alert triage and response automation across internal teams.
● Conduct proactive threat hunting using SIEM telemetry, EDR/XDR signals and threat intelligence feeds to detect stealthy or persistent adversaries.
● Lead digital forensic investigations — acquiring, preserving and analysing artifacts from endpoints, cloud environments and network logs during security incidents.
● Develop and maintain Security Incident Management (SIM) playbooks, runbooks and post-incident review processes to drive continuous improvement.
● Monitor dark web forums and marketplaces for leaked data, compromised credentials and fake breach claims.
● Build dashboards and reports to surface proactive risk visibility for stakeholders.
Compliance & Governance
● Contribute to implementation and ongoing compliance for ISO, SOC 2, GDPR and HIPAA controls.
● Work with GRC tools (Sprinto, Scrut, etc.).
● Document policies, run internal audits and support external assessments.
● Manage security communications with third-party vendors (Google Security, PingSafe, VisitHealth, etc.) and coordinate ethical disclosures.
Security Awareness & Leadership
● Conduct internal security training and phishing simulations for engineering and business teams.
● Mentor engineers and interns on VAPT, incident response and secure coding practices.
● Champion org-wide adoption of DMARC, SPF and DKIM for email protection.
● Experience: 7+ years in application, cloud or product security engineering.
● Strong programming and scripting in Python, Go or Node.js for security automation and tooling
● Deep understanding of web and mobile security, OWASP Top 10 and secure SDLC practices end to end
● Hands-on with IAM, key management and configuration monitoring on GCP or AWS
● Experience with CSPM, CASB, DLP and SIEM platforms for cloud security visibility and control
● ZTNA architecture and Zero Trust policy enforcement across multi-cloud environments
● IaC security - Terraform, CloudFormation
● CI/CD security integration - GitHub Actions, Jenkins, GitLab CI
● Container and orchestration security - Docker, Kubernetes, EKS/GKE
● Proactive threat hunting using SIEM telemetry, EDR/XDR signals and threat intel feeds
● Digital forensics - endpoint, cloud and network artifact acquisition and analysis
● Security Incident Management (SIM) - playbook development, runbooks and post-mortems
● Vulnerability assessment and penetration testing across web, mobile and cloud platforms
● WAF, bot protection and DDoS mitigation configuration and tuning
● Familiarity with AI model security — prompt injection, model leakage, inference endpoint protection
● Familiar with ISO 27001, SOC 2, NIST, GDPR and HIPAA
● Fair understanding of GRC platforms (Sprinto, Scrut or similar)
● Certifications (Good to have): OSCP, GCP/AWS Security Specialty, CEH, CISSP or CKS.
Soft Skills
● Strong analytical and problem-solving mindset - able to break down ambiguous risk problems into structured, actionable findings
● Cross-functional collaboration with Product, AI, DevOps and business stakeholders
● Passion for automation, continuous improvement and staying ahead of the evolving threat landscape
● Clear communicator, effectively translating complex security risks into concise, business-relevant insights that drive informed decision-making.
● Ownership-driven - comfortable making decisions and leading initiatives with minimal supervision
This job post has been translated by AI and may contain minor differences or errors.