About Apna Company
Since 2019, apna has connected over 60 million jobseekers with more than 250,000 enterprises and small businesses across India. Founded by Nirmit Parikh, a Stanford graduate and serial entrepreneur who recognized the challenges in entry-level hiring, apna has rapidly grown to become India's fastest unicorn in 2021—achieving this milestone in just 21 months.
Backed by marquee global investors - Insight Partners, Tiger Global, Lightspeed India, Sequoia Capital, and GSV, we're revolutionizing livelihood creation across India.
- **Title:** Senior Security Engineer (Sr. SE)
- **Location:** Bengaluru (WFO - Domlur)
- **Employment Type:** Full-time
- **Team:** Security Engineering
- **Experience:** 3-5 years
As a **Senior Security Engineer,** you will play a key role in strengthening the company’s overall security posture across our AI platforms, microservices, data pipelines and mobile/web products. You will design, build and automate scalable security controls that integrate seamlessly into our CI/CD pipelines and cloud infrastructure.
This role demands a hands-on breaker-builder who can balance deep technical expertise with practical risk management, while collaborating with AI, product, and DevOps teams.
**Requirements**
**1. Security Engineering & Automation**
- Design and implement security automation frameworks for threat detection, remediation and compliance validation across cloud and application layers.
- Develop tools and scripts to enhance security visibility in AI model pipelines, APIs and data integrations.
- Integrate security controls into CI/CD workflows (SAST, DAST, SCA, IaC scanning).
- Worked on XDR/SIEM for automated detection and response.
**2. Application & API Security**
- Perform secure code reviews and threat modeling for AI microservices, REST APIs and agent frameworks.
- Collaborate with developers to remediate vulnerabilities and enforce secure SDLC practices.
- Lead periodic VAPT (Vulnerability Assessment & Penetration Testing) for web, mobile apps, Agentic AI platform and connected services.
- Identified and mitigated vulnerabilities such as OTP bypass, data leaks in public GCS buckets and source code exposure.
**3. Cloud & Infrastructure Security**
- Secure multi-cloud (GCP/AWS) environments using native and third-party tools.
- Build and maintain IaC security baselines and automated configuration drift detection.
- Configure and manage WAF for custom DDoS and bot protection.
- Manage secrets, IAM and container security best practices across production workloads.
- Fix misconfigurations, default credentials, and public exposures across systems like Grafana, Zookeeper, and Prometheus.
**4. AI & Data Security**
- Continuously monitor for compromised datasets, credentials, and model theft attempts in deep/dark web spaces.
- Implement data protection mechanisms for AI training pipelines, model storage and inference endpoints.
- Evaluate and mitigate prompt injection, model leakage and data exfiltration risks in AI agents.
**5. Monitoring & Incident Response**
- Collaborate with internal teams to improve threat detection, alert triage and response automation.
- Monitor dark web and forums like Telegram/Russian marketplaces for leaked data, compromised credentials, and fake breach claims.
- Build dashboards and reports for proactive risk visibility.
**6. Security Awareness & Leadership**
- Conduct internal security training and phishing simulations.
- Mentor interns and engineers on VAPT, incident response, and secure coding.
- Advocate for organization-wide adoption of DMARC, SPF, and DKIM for email protection.
**7. Compliance & Governance**
- Conduct internal security training and phishing simulations.
- Contribute to ISO 27001, SOC 2, GDPR and HIPAA security controls implementation.
- Document policies, run internal audits and support external assessments.
- Manage security communications with third-party vendors (Google Security, VisitHealth, PingSafe, etc.) and ethical disclosures.
**Key Requirements**
- **Experience:** 3-5 years in application, cloud or product security engineering.
- Strong programming/scripting in Python, Go or Node.js (for automation).
- Deep understanding of web and mobile security, OWASP Top 10, and secure SDLC practices.
- **Hands-on experience with:**
  + Cloud security (IAM, key management, configuration monitoring, threat detection and security monitoring using tools like CSPM, CASB, SIEM, etc.)
  + IaC tools (Terraform, CloudFormation)
  + CI/CD tools (GitHub Actions, Jenkins, GitLab CI)
  + Strong understanding of containers (Docker, Kubernetes, EKS/GKE)
- Familiar with AI model security and data privacy principles (preferred).
- Knowledge of compliance frameworks like ISO 27001, SOC2, NIST or GDPR.
- Certifications (Good to have): OSCP, GCP/AWS Security Specialty, CEH, CISSP or CKS.
**Soft Skills**
- Strong analytical and problem-solving mindset.
- Excellent cross-functional collaboration.
- Passion for innovation, automation and continuous learning.