Job location: Remote
About the role:
In this role, you will own the end-to-end security posture of our product platform — spanning mobile applications, REST APIs, microservices, cloud infrastructure, and third-party integrations. You will be involved into the product and engineering lifecycle early, shaping secure design decisions before code is written, and validating them through rigorous assessment. This is a hands-on, deeply technical role where you will both break and help build.
- Own Application security responsibility for assigned business functions by performing threat modeling, architecture reviews, penetration testing, secure coding programs, and vulnerability management.
- Perform manual penetration testing and vulnerability assessments on web applications, APIs, and android mobile applications
- Perform security reviews for AI‑native products, models, pipelines, and inference services.
- Onboard applications into the SSDLC program and be a security point of contact for the application product.
- Own security incident response for product-layer issues, define remediation plans, and track fixes through to closure
- Integrate and tune SAST/DAST/IAST/SCA tools in CI/CD, create custom rules where needed and actively triage false positives.
- Review and harden cloud infrastructure — Kubernetes RBAC, pod security, network policies, Istio service mesh, Keycloak/OIDC configurations, and IAM across AWS, DigitalOcean, GCP, and Firebase
- Communicate vulnerabilities and risk clearly to developers, product managers, and leadership — in language that drives actionable results
- Conduct Application security trainings for engineers, product managers etc
Experience
- 2–4 years of hands-on application security experience, ideally in product‑based or SaaS companies working directly with engineering teams.
- Solid understanding of OWASP Top 10, API Security Top 10, and common authorization flaws including BOLA, BFLA, and privilege escalation
- Familiarity with security compliance and data privacy frameworks relevant to fintech (SOC 2, PCI-DSS, GDPR, DPDP or similar) is an advantage
Technical Skills
- Perform manually testing web apps, APIs, and Android apps, manual code reviews (beyond just running tools).
- Familiarity with OAuth2, OIDC, JWT, and typical misconfigurations in providers such as Keycloak and Firebase.
- Experience integrating and tuning SAST/DAST (and optionally SCA/IAST) tools within CI/CD pipelines.
- Exposure to cloud‑native security: Kubernetes, containers, service mesh (Istio mTLS and policies), and IAM concepts across at least one major cloud provider.
- Experience with Cloudflare WAF, perimeter security scanning, and/or red‑team testing is a plus.
AI and LLM security (strong plus)
- Familiarity with AI/LLM security risks (e.g., OWASP LLM Top 10).
- Practical experience implementing guardrails, prompt validation, output filtering, or other safety controls in production AI features, or assessing insecure use of third‑party AI APIs.
Automation and tooling
- Ability to script/automate (e.g., Python, Bash) to streamline testing, data collection, and reporting.
- Interest in or experience with building AI based security tools that improve coverage or reduce manual toil.
Passion for security
- Keep abreast of the latest security vulnerabilities and security trends
- Work in a low supervision environment with high accountability
Qualifications
- Bachelor's degree in Computer Science, Cyber Security is preferred
- At least 2 years of experience in the Application security domain.
- Security certification such as OSCP, OSWE, GWAPT, GPEN, CRTP is preferred; active bug bounty participation is a strong plus
- Outstanding communication and interpersonal skills, with the ability to engage effectively with diverse stakeholders.
- Professional growth in a dynamic, rapidly expanding, high-social-impact industry
- An open-minded, collaborative culture made up of enthusiastic colleagues who are driven by the challenge of innovation towards profound impact on people and the planet.
- A truly multicultural experience: you will have the chance to work with and learn from people from different geographies, nationalities, and backgrounds.
- Structured, tailored learning and development programs that help you become a better leader, manager, and professional through the Sun King Center for Leadership.