# Senior Security Engineer

**Company:** [Apna](http://jobs.workable.com/companies/oGcPwdAqKGbezdH7GyyVKX.md)
**Location:** Bengaluru, India
**Workplace:** on site
**Department:** Engineering

[Apply for this job](http://jobs.workable.com/view/fe8701ed-fba2-40db-82e5-94aa7060a64c)

## Description

### Title: Senior Security Engineer (Sr. SE)

**Location: Bengaluru**

**Employment Type: Full-time**

**Team: Security Engineering**

**Experience: 3-5 years**

**Role Overview**

As a Senior Security Engineer, you will play a key role in strengthening the company’s overall security posture across our AI platforms, microservices, data pipelines and mobile/web products. You will design, build and automate scalable security controls that integrate seamlessly into our CI/CD pipelines and cloud infrastructure.

This role demands a hands-on breaker-builder who can balance deep technical expertise with practical risk management, while collaborating with AI, product, and DevOps teams.

## Requirements

**1\. Security Engineering & Automation**

-   Design and implement security automation frameworks for threat detection, remediation and compliance validation across cloud and application layers.
-   Develop tools and scripts to enhance security visibility in AI model pipelines, APIs and data integrations.
-   Integrate security controls into CI/CD workflows (SAST, DAST, SCA, IaC scanning).
-   Experience working on XDR/SIEM for automated detection and response.

**2\. Application & API Security**

-   Perform secure code reviews and threat modeling for AI microservices, REST APIs and agent frameworks.
-   Collaborate with developers to remediate vulnerabilities and enforce secure SDLC practices.
-   Lead periodic VAPT (Vulnerability Assessment & Penetration Testing) for web, mobile apps, Agentic AI platform and connected services. 
-   Experience identifying and mitigating vulnerabilities such as OTP bypass, data leaks in public GCS buckets and source code exposure.

**3\. Cloud & Infrastructure Security**

-   Secure multi-cloud (GCP/AWS) environments using native and third-party tools.
-   Build and maintain IaC security baselines and automated configuration drift detection.
-   Configure and manage WAF for custom DDoS and bot protection.
-   Manage secrets, IAM and container security best practices across production workloads.
-   Fix misconfigurations, default credentials, and public exposures across systems like Grafana, Zookeeper, and Prometheus.

**4\. AI & Data Security**

-   Continuously monitor for compromised datasets, credentials, and model theft attempts in deep/dark web spaces.
-   Implement data protection mechanisms for AI training pipelines, model storage and inference endpoints.
-   Evaluate and mitigate prompt injection, model leakage and data exfiltration risks in AI agents.

**5\. Monitoring & Incident Response**

-   Collaborate with internal teams to improve threat detection, alert triage and response automation.
-   Monitor dark web and forums like Telegram/Russian marketplaces for leaked data, compromised credentials, and fake breach claims.
-   Build dashboards and reports for proactive risk visibility.

**6\. Security Awareness & Leadership**

-   Conduct internal security training and phishing simulations.
-   Mentor interns and engineers on VAPT, incident response, and secure coding.
-   Advocate for organization-wide adoption of DMARC, SPF, and DKIM for email protection.

**7\. Compliance & Governance**

-   Contribute to ISO 27001, SOC 2, GDPR and HIPAA security controls implementation.
-   Document policies, run internal audits and support external assessments.
-   Manage security communications with third-party vendors (Google Security, VisitHealth, PingSafe, etc.) and ethical disclosures.

### Key Requirements

-   Experience: 3-5 years in application, cloud or product security engineering.
-   Strong programming/scripting in Python, Go or Node.js (for automation).
-   Deep understanding of web and mobile security, OWASP Top 10, and secure SDLC practices.
-   **Hands-on experience with:**
    -   Cloud security (IAM, key management, configuration monitoring, threat detection and security monitoring using tools like CSPM, CASB, SIEM, etc.)
    -   IaC tools (Terraform, CloudFormation)
    -   CI/CD tools (GitHub Actions, Jenkins, GitLab CI)
    -   Strong understanding of containers (Docker, Kubernetes, EKS/GKE)
-   Familiar with AI model security and data privacy principles (preferred).
-   Knowledge of compliance frameworks like ISO 27001, SOC 2, NIST or GDPR.
-   Certifications (Good to have): OSCP, GCP/AWS Security Specialty, CEH, CISSP or CKS.

### Soft Skills

-   Strong analytical and problem-solving mindset.
-   Excellent cross-functional collaboration.
-   Passion for innovation, automation and continuous learning.
