Talent.com
This job offer is not available in your country.
Security Engineer

Security Engineer

SignzyBengaluru, Karnataka, India
14 hours ago
Job description

Signzy is a digital trust system. We provide identification, background checks, forgery detection

and contract management systems which enable contracting in a trustable, safe, legal, and

convenient manner. Our biometric user authentication system and blockchain-based digital trail

ensure non-repudiation. This increases compliance and enforceability in the court of law. We

consist of a tech-savvy team and are backed by investors who are enthusiastic about creating

solutions with technology.

Working at Signzy

  • At Signzy we breathe software and exploit the latest technologies to create the most

amazing products. We comprise a tech-savvy team and are backed by investors who are

enthusiastic about creating solutions using technology.

  • Signzy is looking for an Security Engineer . If you think you have what it

    • takes to get the job done, this is an invitation to be a part of the future!

    JD for Security Engineer-1 Role

    Responsibilities : Application Security

  • Perform secure code reviews , threat modeling, and static / dynamic application security testing (SAST / DAST).
  • Integrate and maintain automated scanning tools (e.g., Semgrep, Snyk, Trivy, Gitleaks) in CI / CD pipelines.
  • Collaborate with developers to remediate vulnerabilities and embed security in SDLC.
  • Guide on secure architecture patterns (authentication, authorization, data encryption, API security, mobile app protections like SSL pinning and mTLS).

    • Infrastructure & Cloud Security

  • Harden cloud infrastructure (AWS / GCP / Azure), including IAM, VPC design, encryption, and network segmentation.
  • Implement infrastructure-as-code security checks for Terraform, Helm, and Kubernetes deployments.
  • Conduct internal and external penetration tests , configuration reviews, and vulnerability management for servers, containers, and endpoints.
  • Support continuous monitoring (WAF, SIEM, EDR / MDM) and incident response

    • Security Assessments & Compliance

  • Lead periodic security assessments : vulnerability assessments, penetration testing, firewall rule reviews, user-access audits, and network segmentation reviews.
  • Document findings, track remediation, and provide risk-based recommendations.
  • Assist with evidence gathering for ISO 27001, SOC 2, PCI-DSS, GDPR, and internal security audits.

    • Continuous Improvement

  • Research emerging threats (e.g., supply-chain attacks, npm / package ecosystem risks) and recommend mitigations.
  • Contribute to security runbooks, policies, and developer awareness sessions.

    • Qualification

    Must Have

  • 2–4 years of experience in application or infrastructure security engineering.
  • Strong understanding of web / mobile security, OWASP Top 10, cloud security fundamentals, and Linux / Unix systems.
  • Hands-on experience with CI / CD pipelines and common security tools (SAST, DAST, container scanners, SIEM / EDR).
  • Hands-on with SAST / DAST tools (e.g., Burp Suite, OWASP ZAP, Semgrep, Fortify)
  • Knowledge of network & OS hardening (Linux, cloud workloads).
  • Experience with internal and external penetration testing methodologies.
  • Familiarity with common tools : Nmap, Metasploit etc.,
  • Hands on experience with Mobile application security testing [Android and iOS]
  • Familiarity with threat modeling frameworks (STRIDE, MITRE ATT&CK) and SBOM management.
  • Scripting or programming skills (Python, Go, Bash) for automation and custom tooling.
  • Should have fundamental knowledge of cloud environments
  • Security-first mindset with curiosity and analytical thinking.
  • Ability to review firewall rules, ACLs, and security groups for least-privilege.
  • Understanding of network segmentation and zero-trust principles.
  • Ability to translate complex vulnerabilities into actionable, developer-friendly guidance.
  • Collaborative approach to working with engineering, DevOps, and compliance teams.
  • Strong reporting & documentation skills (writing assessment reports).
  • Knowledge of security standards (ISO 27001, NIST 800-53, CIS Benchmarks).

    • Good to Have

  • Container & K8s Security : Familiarity with Trivy, Falco, Kubescape, Kyverno.
  • IaC Security : Experience with Terraform / CloudFormation scanning (Checkov, Tfsec).
  • DevSecOps Integration : Embedding security tests into CI / CD (GitLab, GitHub Actions, Jenkins).
  • Advanced API Security : Hands-on with API gateways (Kong, Apigee, AWS API Gateway) and WAF tuning.
  • Cloud-Native Security : Experience with GuardDuty, Security Hub, AWS Config, GCP SCC.
  • Emerging Areas : AI / ML model security.
  • Certifications (good-to-have, not must) : OSCP or Cloud Security certs (AWS Security Specialty).
    • Create a job alert for this search

    Security Engineer • Bengaluru, Karnataka, India