Location: Onsite (Hyderabad)
Experience: 1–3 Years
Employment Type: Full-Time
Why This Role Exists
We build and operate production systems across web, desktop, and mobile platforms. As we scale, security cannot remain a final step—it must be embedded into how we build, ship, and run software.
This role exists to own security across the delivery pipeline, not just run scans.
What You Will Actually Do (Day-to-Day Impact)
- Embed security gates directly into CI/CD pipelines (not just reports, but fail builds on critical issues)
- Actively break our own systems (internal pentesting mindset) to identify real-world vulnerabilities
- Implement SAST, DAST, and dependency scanning and ensure findings are actually resolved
- Harden cloud infrastructure (IAM, network policies, secrets management) instead of relying on defaults
- Secure containerized workloads (Docker/Kubernetes) including image scanning and runtime controls
- Work with developers to fix vulnerabilities at code level, not just report them
- Define and enforce security baselines for all environments (dev → prod)
- Reduce attack surface across APIs, services, and deployments
- Automate security checks so that manual intervention is minimized
What We Expect You to Think Like
- You don’t just run tools; you understand what the vulnerability actually means
- You question assumptions like:
  - “What happens if this API is abused?”
  - “What if credentials leak?”
- You balance security against delivery speed rather than blocking releases unnecessarily
Core Skills (Non-Negotiable)
- Hands-on experience integrating security into CI/CD pipelines (Jenkins / GitHub Actions / GitLab CI)
- Practical knowledge of OWASP Top 10 vulnerabilities and how to exploit and fix them
- Experience with at least one cloud (AWS / Azure / GCP) with a focus on IAM and network security
- Strong working knowledge of Linux systems and shell scripting
- Experience with Docker and a basic understanding of Kubernetes security concepts
- Familiarity with tools like OWASP ZAP, Burp Suite, Snyk, Trivy, or similar
- Understanding of API security (auth, rate limiting, token handling)
What Will Make You Stand Out
- You have actually exploited a vulnerability (not just read about it)
- You’ve built or secured real CI/CD pipelines end-to-end
- You understand how attackers think, not just compliance checklists
- Exposure to Zero Trust, secrets rotation, or runtime security tools
- Contributions to security tools, writeups, or bug bounty participation
Tech Environment You’ll Work With
- Frontend: React, Swift
- Backend: Node.js
- Mobile/Desktop: Swift, Kotlin
- Infrastructure: Cloud + CI/CD + Containerized workloads (AWS)
Success in This Role Looks Like
- Critical vulnerabilities are caught before production, not after
- Developers start writing secure code by default
- Security checks are automated and invisible, not bottlenecks
- Infrastructure is secure by design, not patched later