Role Summary

We are seeking a highly skilled and hands-on Senior Security Engineer with a strong focus on secure coding and automation (Python) to join our Service Operations team. This role is ideal for engineers who are passionate about building secure, scalable systems, integrating security into development workflows, and supporting banking/financial domain applications in a cloud-native (AWS) environment.

Key Responsibilities

• Develop and maintain security automation tools and scripts using Python to support application security and DevSecOps processes
• Perform secure code reviews across platforms (Kotlin, Node.js, Android, iOS, Python), with strong emphasis on Python-based systems
• Integrate and automate security controls into CI/CD pipelines (e.g., GitHub Actions)
• Work closely with engineering teams to embed secure coding practices into the SDLC
• Implement and manage SAST/SCA/DAST tools and automate vulnerability detection and remediation workflows
• Support API and application security (REST, GraphQL), including authentication, authorization, and encryption practices
• Conduct basic penetration testing and vulnerability validation (mobile, web, APIs) – depth is not required, focus is on remediation and automation
• Perform threat modelling (e.g., STRIDE) and risk assessment for applications, especially in banking systems
• Collaborate with infrastructure teams to ensure secure deployment on AWS cloud environments
• Contribute to application security standards, policies, and best practices aligned with OWASP
• Monitor and respond to emerging security threats, including risks related to AI-enabled systems
• Support BAU security operations, vulnerability management, and continuous improvement initiatives

Required Qualifications

• 5+ years of hands-on experience in Python development (mandatory, strong coding capability is critical)
• 2–3 years of experience in application security/DevSecOps
• Experience working in banking/financial services domain
• Strong experience with AWS cloud services and cloud security practices
• Solid understanding of secure coding practices and code review methodologies
• Experience integrating security tools into CI/CD pipelines
• Familiarity with SAST/SCA/DAST tools
• Basic understanding of penetration testing concepts and tools (e.g., Burp Suite, MobSF, Frida)
• Knowledge of API security, authentication mechanisms, and cryptographic fundamentals
• Experience working in Agile/DevOps environments

Preferred Qualifications

• Experience with security automation frameworks and tooling in Python
• Exposure to AI/ML application security (e.g., prompt injection, model abuse)
• Certifications such as AWS Security Specialty, CSSLP, OSCP (optional)
• Experience with container security (Docker, Kubernetes) and IaC scanning
• Familiarity with banking security standards and compliance requirements