Security Engineer / Senior Security Engineer, Pune (or remote), India

Position Overview

Salary Range: (₹10 Lacs to ₹25 Lacs) + bonuses, healthcare, professional development budget

Bonus: Annual 10% on top of salary based on employee and company performance.

Healthcare (no health check required):

  • First two years – 2 lacs cover for you, spouse and children
  • After 2 years – 5 lacs cover with the inclusion of parents

We’re always looking for application security engineers to take on the application security projects entrusted to us by our clients. We have well-defined skill levels (L1 through L6) for which we recruit candidates and also use those skill-levels to create career progression paths for the engineers.

Our office in India is located at the World Trade Center in Kharadi, Pune, but candidates are welcome to work remotely; we also provide workstations for remote workers after a set period of time.

job-search

Interested applicants should email their resumes and mention the skill level they are applying for to india-jobs@securityinnovation.com.

Skill Level Matrix and Responsibilities

Security Engineer

Level

Requirements

Description

L1
  1. Full Web Application & Services Testing
  2. Report writing for individual issues

L1 engineers will be expected to use our standardized web-application test plan to provide depth and breadth coverage on client web applications and API services where they are generally paired with more experienced engineers on projects. They are also expected to start learning how to write good reports for basic security issues.

They are expected to graduate to the next level within 12 months of starting this role.

L2 L1 + the following:

  1. Basic Network Attack Simulation
  2. AWS Config Review
  3. Basic Android Testing
  4. Any one of the following:
    1. Basic iOS Testing
    2. GCP Config Review
    3. Azure Config Review
  5. Report writing for all issues and Final reports

L2 engineers should first meet the requirements for an L1 engineer and also be capable of performing basic network scans and tests, an AWS Cloud Configuration review, basic Android app testing, and should be able to write quality reports for all types of issues as well as final reports for clients. They should also have any one of these additional skills – (1) Basic iOS Testing, (2) GCP Cloud Config Review, or (3) Azure Cloud Config Review.

L2 engineers will also be expected to contribute to internal skills improvement programs and knowledge sharing sessions. They are also expected to attend report read-out calls to gain experience in client expectations.

They are expected to graduate to the next level within 12 months of starting the role which requires completing an OSCP (or approved equivalent) Certification.

L3 L2 + the following:

  1. Advanced Android + iOS Mobile Testing
  2. Advanced Network Attack Simulation
  3. Basic Thick Client Testing
  4. Report Writing and Peer Reviewing
  5. 2 years professional experience
  6. OSCP (or equivalent)

L3 engineers should have min 2 years of professional experience and be capable of performing advanced testing on both Android and iOS projects. They should also be capable of performing advanced network assessments and basic testing of thick client applications. In addition to writing reports, they will also be expected to peer reviews reports from other engineers as well as help junior engineers with their reporting.

L3 engineers are expected to actively participate in report read-out calls with clients and they are expected to graduate to the next role within 2 years of starting this role.

Senior Security Engineer

Level

Requirements

Description

L4 L3 + the following:

  1. Lead Web and Mobile Projects
  2. Full Thick Client Testing
  3. Full Network Attack Simulation
  4. Full Cloud Configuration Review (with certifications)
  5. Source Code Review (2 langs)
  6. Containers Config Review
  7. 4 years of professional experience

L4 engineers are expected to lead teams during web and mobile application projects and should be capable of assessing web, mobile, thick-client applications. They should also be capable of performing full network assessments, cloud configuration reviews, containers configuration reviews, and also be able to review source code in two widely used languages. They are required to have completed certifications for GCP, AWS, and Azure cloud Platforms.

L4 Engineers are expected to lead kick-off calls with clients as well as lead final report read-out calls and act as the trusted advisor for the client. They are expected to graduate to the next role within 24 months of starting this role.

L5 L4 + the following:

  1. Threat Modelling
  2. Source Code Review (4+ langs)
  3. 6 years of professional experience

L5 engineers are highly experienced Senior Security Engineers who also know how to perform Threat Modeling for client solutions and can review source code in multiple languages.

L6 L5 + the following:

  1. Consistent leader for 25+ projects

L6 engineers are considered consistent leaders who can be counted on to always deliver quality to our clients. They may or may not have additional technical qualifications over an L5 engineer but their experience with client projects and leading other engineers sets them apart.

Other Perks & Benefits

There is a reason we have a 4.9/5 rating on Glassdoor. We take care of our clients, but also take care of our employees.

  • Above industry compensation
  • 10% yearly bonuses on top of CTC
  • Health insurance coverage for you and your immediate family (parents included after 2 years)
  • Professional development budget for conferences, classes, certifications, or other learning opportunities
  • Flexible work environment