About Kapiva
Kapiva (Series-C funded) is on a journey of transformation — from being one of India’s leading modern Ayurvedic nutrition brands to becoming a health-tech company that leverages technology to drive better health outcomes for millions of people across India and internationally.
We believe the next wave of innovation in health will be driven by AI-first solutions — from personalized recommendations and intelligent coaching, to automated platforms that scale care and wellness delivery. At Kapiva, you’ll be part of building this future.
Role Summary
We are looking for a Security Engineer (Level 2) with 2–4 years of experience to strengthen the security posture of Kapiva’s Ecommerce and Health Tech platforms. As a Security Engineer, you will be responsible for securing applications, infrastructure, and data against potential threats. You will collaborate with engineering, DevOps, and product teams to implement secure coding practices, monitor for vulnerabilities, and ensure compliance with industry standards.
Key Responsibilities
Perform application security reviews, threat modeling, and code analysis for new features.
Conduct vulnerability assessments and penetration testing for web, mobile, and APIs.
Collaborate with developers to implement secure coding practices and remediate vulnerabilities.
Monitor and respond to security incidents using SIEM and alerting tools.
Manage identity and access management (IAM), secrets, and encryption systems.
Support compliance initiatives (HIPAA/GDPR for Health Tech).
Automate security testing in CI/CD pipelines (SAST, DAST, dependency scanning).
Document and maintain security policies, procedures, and playbooks.
Train engineering teams on security best practices.
Required Skills and Qualifications
2–4 years of experience in application or infrastructure security.
Strong understanding of OWASP Top 10, secure coding practices, and API security.
Hands-on experience with vulnerability scanners (Burp Suite, Nessus, ZAP, SonarQube).
Knowledge of cloud security (AWS/GCP IAM, security groups, encryption).
Familiarity with network security (firewalls, WAFs, VPNs).
Proficiency in at least one programming/scripting language (Python, JavaScript, or Bash).
Experience with DevSecOps integration into CI/CD pipelines.
Bonus Points
Security experience in Ecommerce (payments, fraud prevention, data protection).
Security experience in Health Tech (HIPAA, PHI data, compliance frameworks).
Experience with SIEM and incident response (Splunk, ELK, Datadog Security).
Knowledge of container security (Kubernetes security, image scanning, runtime protection).
What We Offer
Opportunity to secure Ecommerce and Health Tech systems.
Exposure to modern DevSecOps practices and cloud-native security.
Collaborative culture with cross-functional impact on product, engineering, and compliance.
Competitive compensation and growth path to Security Engineer – 3 and specialist tracks.
Security Engineer • India