We are seeking a seasoned Senior Security Engineer to lead offensive and defensive cybersecurity initiatives across our technology stack. The ideal candidate will combine hands-on penetration testing expertise with strong security engineering capabilities to protect our infrastructure, applications, and data. You will play a pivotal role in hardening our systems, responding to threats, advising on secure architecture, and fostering a security-first culture across the organization.
Key Responsibilities
- Lead end-to-end penetration testing engagements across web, mobile, network, cloud, and wireless environments, from scoping and reconnaissance to exploitation, reporting, and remediation validation.
- Perform secure code reviews and implement server/system hardening aligned with CIS benchmarks and industry best practices.
- Serve as a Tier 2/3 escalation point for SOC operations: conduct deep-dive investigations into malware, phishing, lateral movement, and advanced persistent threats.
- Design, deploy, and tune SIEM, EDR, and other detection/response technologies to enhance visibility and reduce mean time to respond (MTTR).
- Develop and deliver security awareness training programs tailored to technical and non-technical stakeholders.
- Contribute to compliance initiatives (e.g., ISO 27001, PCI DSS) by creating security policies, implementing controls, and supporting audits.
- Collaborate with product, DevOps, and engineering teams to embed security into the SDLC, including threat modeling and secure design reviews.
- Stay ahead of emerging threats through OSINT, threat intelligence research, and proactive red team / purple team exercises.
Required Qualifications
- 4+ years of hands-on experience in cybersecurity, with a strong focus on penetration testing, incident response, and security engineering.
- Proven track record conducting web, mobile, and network penetration tests and delivering actionable remediation guidance.
- Proficiency with industry-standard tools: Burp Suite, Metasploit, Nmap, Wireshark, OWASP ZAP, Kali Linux, etc.
- Experience with SIEM platforms (e.g., Splunk, Sentinel), EDR solutions, and malware analysis tools (e.g., Cuckoo Sandbox).
- Solid understanding of secure architecture principles, compliance frameworks (ISO 27001, NIST, PCI DSS), and secure coding practices.
- Relevant certifications such as OSCP or CREST CPSA.
- Strong communication skills with the ability to translate technical risks into business impact for executives and engineers alike.
Preferred Qualifications
- Master's degree in Information Technology, Cybersecurity, or related field.
- Experience in fintech, insurtech, or digital asset environments.
- Background in red team operations or threat hunting.
- Knowledge of cloud security (AWS/Azure/GCP) and DevSecOps pipelines.
Why Join Us
- Work alongside a high-performing team tackling real-world security challenges.
- Direct impact on product security, customer trust, and regulatory compliance.
- Opportunities for continuous learning, offensive/defensive skill development, and career growth in a tech-forward environment.