Startup Jobs
Post a Job
Apna

Security Engineer

Bengaluru , India

AI overview

Enhance security across AI platforms and microservices by designing automated security controls in CI/CD pipelines and collaborating with cross-functional teams.

Job Title: Senior Security Engineer (Sr.SE )

Location: Bengaluru
Employment Type: Full-time
Team: Security Engineering 

Role Overview

As a Senior Security Engineer, you will play a key role in strengthening the company’s overall security posture across our AI platforms, microservices, data pipelines and mobile/web products. You will design, build and automate scalable security controls that integrate seamlessly into our CI/CD pipelines and cloud infrastructure.

This role demands a hands-on breaker-builder who can balance deep technical expertise with practical risk management, while collaborating with AI, product, and DevOps teams.

Requirements

Key Responsibilities

Key Responsibilities

1. Security Engineering & Automation

  • Design and implement security automation frameworks for threat detection, remediation and compliance validation across cloud and application layers.
  • Develop tools and scripts to enhance security visibility in AI model pipelines, APIs and data integrations.
  • Integrate security controls into CI/CD workflows (SAST, DAST, SCA, IaC scanning).
  • Worked on XDR/SIEM for automated detection and response.

2. Application & API Security

  • Perform secure code reviews and threat modeling for AI microservices, REST APIs and agent frameworks.
  • Collaborate with developers to remediate vulnerabilities and enforce secure SDLC practices.
  • Lead periodic VAPT (Vulnerability Assessment & Penetration Testing) for web, mobile apps, Agentic AI platform and connected services. 
  • Identified and mitigated vulnerabilities such as OTP bypass, data leaks in public GCS buckets and source code exposure.

3. Cloud & Infrastructure Security

  • Secure multi-cloud (GCP/AWS) environments using native and third-party tools.
  • Build and maintain IaC security baselines and automated configuration drift detection.
  • Configure and manage WAF for custom DDoS and bot protection.
  • Manage secrets, IAM and container security best practices across production workloads.
  • Fix misconfigurations, default credentials, and public exposures across systems like Grafana, Zookeeper, and Prometheus.

4. AI & Data Security

  • Continuously monitor for compromised datasets, credentials, and model theft attempts in deep/dark web spaces.
  • Implement data protection mechanisms for AI training pipelines, model storage and inference endpoints.
  • Evaluate and mitigate prompt injection, model leakage and data exfiltration risks in AI agents.

5. Monitoring & Incident Response

  • Collaborate with internal teams to improve threat detection, alert triage and response automation.
  • Monitor dark web and forums like Telegram/Russian marketplaces for leaked data, compromised credentials, and fake breach claims.
  • Build dashboards and reports for proactive risk visibility.

6. Security Awareness & Leadership

  • Conduct internal security training and phishing simulations.
  • Mentor interns and engineers on VAPT, incident response, and secure coding.
  • Advocate for organization-wide adoption of DMARC, SPF, and DKIM for email protection.

7. Compliance & Governance

  • Conduct internal security training and phishing simulations.
  • Contribute to ISO 27001, SOC 2, GDPR and HIPAA security controls implementation.
  • Document policies, run internal audits and support external assessments.
  • Manage security communications with third-party vendors (Google Security, VisitHealth, PingSafe, etc.) and ethical disclosures.

Key Requirements

  • Experience: 1 - 4 years in application, cloud or product security engineering.
  • Strong programming/scripting in Python, Go or Node.js (for automation).
  • Deep understanding of web and mobile security, OWASP Top 10, and secure SDLC practices.
  • Hands-on experience with:
    • Cloud security (IAM, key management, configuration monitoring, threat detection and security monitoring using tools like CSPM, CASB, SIEM, etc.)
    • IaC tools (Terraform, CloudFormation)
    • CI/CD tools (GitHub Actions, Jenkins, GitLab CI)
    • Strong understanding of containers (Docker, Kubernetes, EKS/GKE)
  • Familiar with AI model security and data privacy principles (preferred).
  • Knowledge of compliance frameworks like ISO 27001, SOC2, NIST or GDPR.
  • Certifications (Good to have): OSCP, GCP/AWS Security Specialty, CEH, CISSP or CKS.

Soft Skills

  • Strong analytical and problem-solving mindset.
  • Excellent cross-functional collaboration.
  • Passion for innovation, automation and continuous learning.
Apna

Founded in 2019, the Apna mobile app is India’s largest professional networking platform dedicated to helping India’s burgeoning working class to unlock unique professional networking, and skilling opportunities. The app is currently live in 14 cities - Mumbai, Delhi-NCR, Bengaluru, Hyderabad, Pune, Ahmedabad, Jaipur, Ranchi, Kolkata, Surat, Lucknow, Kanpur, Ludhiana, and Chandigarh. Having raised $90+ million from marquee investors like Insight Partners, Tiger Global, Lightspeed India, Sequoia Capital, Rocketship.vc and Greenoaks Capital, Apna is on a mission to enable livelihoods for billions in India. With over 10 million users, present in 14 cities and counting, and over 100,000 employers that trust the platform - India has a new destination to discover relevant opportunities.

Website LinkedIn
View all jobs
Get hired quicker

Be the first to apply. Receive an email whenever similar jobs are posted.

Ace your job interview

Understand the required skills and qualifications, anticipate the questions you may be asked, and study well-prepared answers using our sample responses.

Security Engineer Q&A's
Report this job
Apply for this job