Jobless Developer
Apna

Posted 2 months ago

Open

Staff/Lead Security Engineer

Bengaluru, On-site, Full-time

AI Summary

Staff/Lead Security Engineer to own and elevate security posture across AI platforms, microservices, data pipelines and mobile/web products; designs and builds scalable security controls integrated into CI/CD and cloud infrastructure.

About this role

We're looking for a Staff / Lead Security Engineer to own and elevate our security posture across AI platforms, microservices, data pipelines and mobile/web products. You'll design and build scalable security controls that integrate seamlessly into CI/CD and cloud infrastructure, blending deep technical depth with practical risk judgment. This is a breaker-builder role; you'll collaborate closely with AI, Product and DevOps teams to embed security from the ground up.

Key Responsibilities:

Security Engineering & Automation

● Design and implement security automation frameworks for threat detection, remediation and compliance validation across cloud and application layers.

● Operate SentinelOne EDR/XDR and SIEM platforms for automated detection and response workflows.

● Develop tooling to improve security visibility across AI model pipelines, APIs and data integrations.

● Integrate security controls (SAST, DAST, SCA, IaC scanning) into CI/CD workflows via tools like Arnica.

Application & API Security

● Configure and manage Reblaze WAF for custom DDoS and bot protection.

● Conduct secure code reviews and threat modeling for AI microservices, REST APIs and agentic frameworks.

● Partner with engineering teams to remediate vulnerabilities and enforce secure SDLC practices.

● Lead periodic VAPT (Vulnerability Assessment & Penetration Testing) for web, mobile and Agentic AI platforms.

Cloud & Infrastructure Security

● Secure multi-cloud (GCP/AWS) environments using native security services and third-party tooling.

● Build and maintain IaC security baselines with automated configuration drift detection.

● Manage secrets, IAM policies and container security across production workloads.

● Architect and enforce Zero Trust Network Access (ZTNA) policies across internal services, cloud workloads and third-party integrations.

● Identify and remediate misconfigurations, exposed defaults and public exposures across systems like Grafana, Zookeeper and Prometheus.

AI & Data Security

● Continuously monitor for compromised datasets, credentials and model theft attempts across deep/dark web channels.

● Implement data protection controls for AI training pipelines, model storage and inference endpoints.

● Deploy and tune DLP (Data Loss Prevention) policies to prevent sensitive data exfiltration across SaaS, cloud and endpoint channels.

● Leverage CASB solutions to enforce security policies, gain visibility and control data movement across cloud applications.

● Evaluate and mitigate risks including prompt injection, model leakage and data exfiltration in AI agent deployments.

Monitoring, Threat Hunting & Incident Response

● Drive improvements to threat detection, alert triage and response automation across internal teams.

● Conduct proactive threat hunting using SIEM telemetry, EDR/XDR signals and threat intelligence feeds to detect stealthy or persistent adversaries.

● Lead digital forensic investigations — acquiring, preserving and analysing artifacts from endpoints, cloud environments and network logs during security incidents.

● Develop and maintain Security Incident Management (SIM) playbooks, runbooks and post-incident review processes to drive continuous improvement.

● Monitor dark web forums and marketplaces for leaked data, compromised credentials and fake breach claims.

● Build dashboards and reports to surface proactive risk visibility for stakeholders.

Compliance & Governance

● Contribute to implementation and ongoing compliance for ISO, SOC 2, GDPR and HIPAA controls.

● Work with GRC tools (Sprinto, Scrut, etc.).

● Document policies, run internal audits and support external assessments.

● Manage security communications with third-party vendors (Google Security, PingSafe, VisitHealth, etc.) and coordinate ethical disclosures.

Security Awareness & Leadership

● Conduct internal security training and phishing simulations for engineering and business teams.

● Mentor engineers and interns on VAPT, incident response and secure coding practices.

● Champion org-wide adoption of DMARC, SPF and DKIM for email protection.

Requirements

● Experience: 7+ years in application, cloud or product security engineering.

● Strong programming and scripting in Python, Go or Node.js for security automation and tooling

● Deep understanding of web and mobile security, OWASP Top 10 and secure SDLC practices end to end

● Hands-on with IAM, key management and configuration monitoring on GCP or AWS

● Experience with CSPM, CASB, DLP and SIEM platforms for cloud security visibility and control

● ZTNA architecture and Zero Trust policy enforcement across multi-cloud environments

● IaC security - Terraform, CloudFormation

● CI/CD security integration - GitHub Actions, Jenkins, GitLab CI

● Container and orchestration security - Docker, Kubernetes, EKS/GKE

● Proactive threat hunting using SIEM telemetry, EDR/XDR signals and threat intel feeds

● Digital forensics - endpoint, cloud and network artifact acquisition and analysis

● Security Incident Management (SIM) - playbook development, runbooks and post-mortems

● Vulnerability assessment and penetration testing across web, mobile and cloud platforms

● WAF, bot protection and DDoS mitigation configuration and tuning

● Familiarity with AI model security — prompt injection, model leakage, inference endpoint protection

● Familiar with ISO 27001, SOC 2, NIST, GDPR and HIPAA

● Fair understanding of GRC platforms (Sprinto, Scrut or similar)

● Certifications (Good to have): OSCP, GCP/AWS Security Specialty, CEH, CISSP or CKS.

Soft Skills

● Strong analytical and problem-solving mindset - able to break down ambiguous risk problems into structured, actionable findings

● Cross-functional collaboration with Product, AI, DevOps and business stakeholders

● Passion for automation, continuous improvement and staying ahead of the evolving threat landscape

● Clear communicator, effectively translating complex security risks into concise, business-relevant insights that drive informed decision-making.

● Ownership-driven - comfortable making decisions and leading initiatives with minimal supervision

Skills

AI Model Security, AO, Arnica, Bot Protection, CASB, CI/CD Security Integration, CloudFormation, Cloud Security, Cloud Security Visibility, DAST, DDOS, Digital Forensics, DLP, Docker, EKS, GDPR, GitHub Actions, GitLab CI, GKE, GO, Grafana, HIPAA, IaC Scanning, IAM, Inference Endpoint Protection, ISO27001, Jenkins, KMS, Kubernetes, Model Leakage, NIST, Node.js, Penetration Testing, Post-incident, Prometheus, Prompt Injection, Python, Reblaze, SAST, SCA, SentinelOne EDR/XDR, SIEM, SIM, SOC 2, Terraform, Threat Hunting, VAPT, WAF, Zero-trust, Zookeeper, ZTNA
