Senior / Lead Security Engineer

About Gurucul

Gurucul is a cybersecurity analytics company delivering Next-Gen SIEM, UEBA, Insider Risk Management, and identity/threat detection solutions. We help enterprises reduce noise, detect threats faster, and improve security outcomes using advanced analytics and AI.

Role Summary

Gurucul is seeking a Senior/Lead Security Engineer (8–10 years of experience) to strengthen our Product Security and Secure SDLC practices. The role will focus on proactive vulnerability detection, triaging security issues, enabling shift-left security practices, and collaborating with engineering teams to remediate vulnerabilities effectively. The engineer will play a key role in implementing the organization’s security strategy, detection workflow, vulnerability management process, and remediation SLAs.

Key Responsibilities

Security Testing & Vulnerability Detection

  • Perform Application Security Testing for web applications, APIs, and microservices.
  • Conduct Vulnerability Assessment and Penetration Testing (VAPT).
  • Execute manual and automated security testing using tools such as: Burp Suite, Fortify, OWASP ZAP, Nessus / Qualys.
  • Identify vulnerabilities aligned with OWASP Top 10 and industry security standards.

Secure SDLC & Shift-Left Security

  • Integrate security practices into CI/CD pipelines.
  • Enable shift-left security testing across the development lifecycle.
  • Work closely with engineering teams during design and architecture review.
  • Support implementation of secure coding practices.

Vulnerability Management & Triage

  • Analyze and triage vulnerabilities based on CVSS scoring and exploitability.
  • Prioritize vulnerabilities based on risk and business impact.
  • Create and manage security defect tickets in Jira.
  • Track vulnerabilities through the detection → triage → remediation → verification workflow.

Security Verification & Release Readiness

  • Validate remediation of vulnerabilities.
  • Perform security verification before release.
  • Collaborate with development teams to ensure vulnerabilities are fixed within defined SLA timelines.

Security Tools & Automation

  • Manage and operate security tools such as: Fortify (SAST), Burp Suite (DAST), ScoutSuite / Cloud security tools.
  • Automate scanning and security testing wherever possible.

Cloud & Infrastructure Security

  • Conduct security assessments for cloud infrastructure (AWS preferred).
  • Evaluate security posture for: Servers, Containers, Databases, APIs.
  • Ensure alignment with CIS benchmarks and security best practices.

Security Awareness & Engineering Enablement

  • Conduct security awareness sessions for developers and QA teams.
  • Help implement Security Champion programs across SCRUM teams.
  • Provide guidance on secure coding practices.

Required Qualifications

  • Bachelor’s or Master’s degree in Computer Science/Information Security/IT
  • 8–10 years in Application Security / Product Security
  • Experience working with engineering teams in Agile/SCRUM environments
  • Application Security: VAPT; Web Application Security Testing; API Security Testing; OWASP Top 10
  • Security Tools: Burp Suite; Fortify; OWASP ZAP; Nessus / Qualys; Nmap
  • DevSecOps: CI/CD security integration; SAST / DAST / SCA; Security automation
  • Cloud Security: AWS security fundamentals; Cloud configuration security; IAM and network security basics

Preferred Qualifications (Nice-to-Have)

  • Experience in SaaS product companies
  • Certifications such as: CEH; OSCP; CISSP; AWS Security Specialty; Certified Application Security Engineer

Location

Pune, India

To apply:

Please send resumes to jobs@gurucul.com for consideration.