# Staff/Lead Security Engineer

**Company:** [Apna](http://jobs.workable.com/companies/oGcPwdAqKGbezdH7GyyVKX.md)
**Location:** Bengaluru, India
**Workplace:** on site
**Employment type:** Full-time

[Apply for this job](http://jobs.workable.com/view/d4fdef23-23d6-4068-803f-15fadbe81e61)

## Description

**Job Title: Staff/Lead Security Engineer**

**Location: Bengaluru**

**Experience: 8+ years**

**Employment Type: Full-time**

**Team: Security Engineering**

**Role Overview**

We're looking for a Staff / Lead Security Engineer to own and elevate our security posture across AI platforms, microservices, data pipelines and mobile/web products. You'll design and build scalable security controls that integrate seamlessly into CI/CD and cloud infrastructure, blending deep technical depth with practical risk judgment. This is a breaker-builder role; you'll collaborate closely with AI, Product and DevOps teams to embed security from the ground up.

  
**Key Responsibilities:**  
**Security Engineering & Automation**  
● Design and implement security automation frameworks for threat detection,  
remediation and compliance validation across cloud and application layers.  
● Operate SentinelOne EDR/XDR and SIEM platforms for automated detection and  
response workflows.  
● Develop tooling to improve security visibility across AI model pipelines, APIs and  
data integrations.  
● Integrate security controls (SAST, DAST, SCA, IaC scanning) into CI/CD  
workflows via tools like Arnica.

  
**Application & API Security**  
● Configure and manage Reblaze WAF for custom DDoS and bot protection.  
● Conduct secure code reviews and threat modeling for AI microservices, REST  
APIs and agentic frameworks.  
● Partner with engineering teams to remediate vulnerabilities and enforce secure  
SDLC practices.  
● Lead periodic VAPT (Vulnerability Assessment & Penetration Testing) for web,  
mobile and Agentic AI platforms.

  
**Cloud & Infrastructure Security**  
● Secure multi-cloud (GCP/AWS) environments using native security services and  
third-party tooling.  
● Build and maintain IaC security baselines with automated configuration drift  
detection.  
● Manage secrets, IAM policies and container security across production  
workloads.  
● Architect and enforce Zero Trust Network Access (ZTNA) policies across internal  
services, cloud workloads and third-party integrations.  
● Identify and remediate misconfigurations, exposed defaults and public exposures  
across systems like Grafana, Zookeeper and Prometheus.

  
**AI & Data Security**  
● Continuously monitor for compromised datasets, credentials and model theft  
attempts across deep/dark web channels.  
● Implement data protection controls for AI training pipelines, model storage and  
inference endpoints.  
● Deploy and tune DLP (Data Loss Prevention) policies to prevent sensitive data  
exfiltration across SaaS, cloud and endpoint channels.  
● Leverage CASB solutions to enforce security policies, gain visibility and control  
data movement across cloud applications.  
● Evaluate and mitigate risks including prompt injection, model leakage and data  
exfiltration in AI agent deployments.

  
**Monitoring, Threat Hunting & Incident Response**  
● Drive improvements to threat detection, alert triage and response automation  
across internal teams.  
● Conduct proactive threat hunting using SIEM telemetry, EDR/XDR signals and  
threat intelligence feeds to detect stealthy or persistent adversaries.  
● Lead digital forensic investigations — acquiring, preserving and analysing  
artifacts from endpoints, cloud environments and network logs during security  
incidents.  
● Develop and maintain Security Incident Management (SIM) playbooks, runbooks  
and post-incident review processes to drive continuous improvement.  
● Monitor dark web forums and marketplaces for leaked data, compromised  
credentials and fake breach claims.  
● Build dashboards and reports to surface proactive risk visibility for stakeholders.

  
**Compliance & Governance**  
● Contribute to implementation and ongoing compliance for ISO, SOC 2, GDPR  
and HIPAA controls.  
● Work with GRC tools (Sprinto, Scrut, etc.).  
● Document policies, run internal audits and support external assessments.  
● Manage security communications with third-party vendors (Google Security,  
PingSafe, VisitHealth, etc.) and coordinate ethical disclosures.

**Security Awareness & Leadership**  
● Conduct internal security training and phishing simulations for engineering and  
business teams.  
● Mentor engineers and interns on VAPT, incident response and secure coding  
practices.  
● Champion org-wide adoption of DMARC, SPF and DKIM for email protection

## Requirements

● Experience: 7+ years in application, cloud or product security engineering.  
● Strong programming and scripting in Python, Go or Node.js for security  
automation and tooling  
● Deep understanding of web and mobile security, OWASP Top 10 and secure  
SDLC practices end to end  
● Hands-on with IAM, key management and configuration monitoring on GCP or  
AWS  
● Experience with CSPM, CASB, DLP and SIEM platforms for cloud security  
visibility and control  
● ZTNA architecture and Zero Trust policy enforcement across multi-cloud  
environments  
● IaC security - Terraform, CloudFormation  
● CI/CD security integration - GitHub Actions, Jenkins, GitLab CI  
● Container and orchestration security - Docker, Kubernetes, EKS/GKE  
● Proactive threat hunting using SIEM telemetry, EDR/XDR signals and threat intel  
feeds  
● Digital forensics - endpoint, cloud and network artifact acquisition and analysis  
● Security Incident Management (SIM) - playbook development, runbooks and  
post-mortems  
● Vulnerability assessment and penetration testing across web, mobile and cloud  
platforms  
● WAF, bot protection and DDoS mitigation configuration and tuning  
● Familiarity with AI model security — prompt injection, model leakage, inference  
endpoint protection  
● Familiar with ISO 27001, SOC 2, NIST, GDPR and HIPAA  
● Fair understanding of GRC platforms (Sprinto, Scrut or similar)  
● Certifications (Good to have): OSCP, GCP/AWS Security Specialty, CEH, CISSP  
or CKS.

**Soft Skills**  
● Strong analytical and problem-solving mindset - able to break down ambiguous  
risk problems into structured, actionable findings  
● Cross-functional collaboration with Product, AI, DevOps and business  
stakeholders  
● Passion for automation, continuous improvement and staying ahead of the  
evolving threat landscape  
● Clear communicator, effectively translating complex security risks into concise,  
business-relevant insights that drive informed decision-making.  
● Ownership-driven - comfortable making decisions and leading initiatives with  
minimal supervision
