Staff/Lead Security Engineer

Team: Security Engineering

Role Overview

We're looking for a Staff / Lead Security Engineer to own and elevate our security

posture across AI platforms, microservices, data pipelines and mobile/web products.

You'll design and build scalable security controls that integrate seamlessly into CI/CD

and cloud infrastructure, blending deep technical depth with practical risk judgment.

This is a breaker-builder role; you'll collaborate closely with AI, Product and DevOps

teams to embed security from the ground up.

Key Responsibilities: Security Engineering & Automation

• Design and implement security automation frameworks for threat detection,

• Operate SentinelOne EDR/XDR and SIEM platforms for automated detection and

• Develop tooling to improve security visibility across AI model pipelines, APIs and

• Integrate security controls (SAST, DAST, SCA, IaC scanning) into CI/CD

workflows via tools like Arnica.

• Configure and manage Reblaze WAF for custom DDoS and bot protection.
• Conduct secure code reviews and threat modeling for AI microservices, REST

• Partner with engineering teams to remediate vulnerabilities and enforce secure

• Lead periodic VAPT (Vulnerability Assessment & Penetration Testing) for web,

mobile and Agentic AI platforms.

• Secure multi-cloud (GCP/AWS) environments using native security services and

• Build and maintain IaC security baselines with automated configuration drift

• Manage secrets, IAM policies and container security across production

• Architect and enforce Zero Trust Network Access (ZTNA) policies across internal

• Identify and remediate misconfigurations, exposed defaults and public exposures

across systems like Grafana, Zookeeper and Prometheus.

• Continuously monitor for compromised datasets, credentials and model theft

• Implement data protection controls for AI training pipelines, model storage and

• Deploy and tune DLP (Data Loss Prevention) policies to prevent sensitive data

• Leverage CASB solutions to enforce security policies, gain visibility and control

• Evaluate and mitigate risks including prompt injection, model leakage and data

exfiltration in AI agent deployments.

• Drive improvements to threat detection, alert triage and response automation

• Conduct proactive threat hunting using SIEM telemetry, EDR/XDR signals and

• Lead digital forensic investigations — acquiring, preserving and analysing

• Develop and maintain Security Incident Management (SIM) playbooks, runbooks

• Monitor dark web forums and marketplaces for leaked data, compromised

• Build dashboards and reports to surface proactive risk visibility for stakeholders.

• Contribute to implementation and ongoing compliance for ISO, SOC 2, GDPR

• Work with GRC tools (Sprinto, Scrut etc).
• Document policies, run internal audits and support external assessments.
• Manage security communications with third-party vendors (Google Security,

PingSafe, VisitHealth, etc.) and coordinate ethical disclosures.

• Conduct internal security training and phishing simulations for engineering and

• Mentor engineers and interns on VAPT, incident response and secure coding

• Champion org-wide adoption of DMARC, SPF and DKIM for email protection

• Experience: 7+ years in application, cloud or product security engineering.
• Strong programming and scripting in Python, Go or Node.js for security

• Deep understanding of web and mobile security, OWASP Top 10 and secure

• Hands-on with IAM, key management and configuration monitoring on GCP or

• Experience with CSPM, CASB, DLP and SIEM platforms for cloud security

• ZTNA architecture and Zero Trust policy enforcement across multi-cloud

• IaC security - Terraform, CloudFormation
• CI/CD security integration - GitHub Actions, Jenkins, GitLab CI
• Container and orchestration security - Docker, Kubernetes, EKS/GKE
• Proactive threat hunting using SIEM telemetry, EDR/XDR signals and threat intel

• Digital forensics - endpoint, cloud and network artifact acquisition and analysis
• Security Incident Management (SIM) - playbook development, runbooks and

• Vulnerability assessment and penetration testing across web, mobile and cloud

• WAF, bot protection and DDoS mitigation configuration and tuning
• Familiarity with AI model security — prompt injection, model leakage, inference

• Familiar with ISO 27001, SOC 2, NIST, GDPR and HIPPA
• Fair understanding of GRC platforms (Sprinto, Scrut or similar)
• Certifications (Good to have): OSCP, GCP/AWS Security Specialty, CEH, CISSP

or CKS.

• Strong analytical and problem-solving mindset - able to break down ambiguous

• Cross-functional collaboration with Product, AI, DevOps and business

• Passion for automation, continuous improvement and staying ahead of the

• Clear communicator, effectively translating complex security risks into concise,

• Ownership-driven - comfortable making decisions and leading initiatives with

minimal supervision