Security Engineer-2 Job in Cashfree Payments

Security Engineer-2

Job Summary

Position: Security Engineer-2

Location: Bengaluru

Employment Type: Full-Time

Department: Engineering

Job Description:

We are seeking a proactive and skilled Security Engineer-2 to identify vulnerabilities, collaborate with development teams on mitigation strategies, and promote secure coding practices within the organization. You will play a critical role in ensuring the security and resilience of our products against emerging threats.

Key Responsibilities:

  • Conduct in-depth security assessments of products to discover vulnerabilities and demonstrate their exploitability and risk impact.
  • Stay updated on emerging vulnerabilities and threats relevant to our products through independent research.
  • Collaborate with developers to develop and implement mitigation and workaround plans according to security policies.
  • Lead threat modeling and secure design review sessions with development teams to identify threats and define mitigation strategies.
  • Conduct workshops to educate developers on threat modeling and secure coding principles.
  • Prioritize and ensure mitigation of critical security defects during development sprints.
  • Integrate and automate Static Application Security Testing (SAST) within the DevOps pipeline.
  • Advocate and propagate secure coding principles across the development community.
  • Serve as the primary point of contact for developers on critical secure development issues.
  • Develop and deliver security training programs and technical workshops for developers and QA teams.
  • Promote security awareness through tech talks and other knowledge-sharing activities.

Required Qualifications and Skills:

  • Strong knowledge of common vulnerabilities such as Cross-Site Scripting (XSS), SQL Injection, Cross-Site Request Forgery (CSRF), cryptographic weaknesses, and code injection.
  • Proficiency in programming/scripting languages like Java, Ruby, and Python.
  • Experience with cloud technologies and services.
  • Ability to automate security testing processes and improve assessment productivity.
  • Excellent communication skills to articulate security risks to both technical and non-technical audiences.
  • Familiarity with industry-standard threat modeling, risk assessment, and vulnerability classification methodologies.
  • Experience conducting white-box and grey-box security assessments, including architectural and API analysis.
  • Knowledge of Secure Software Development Lifecycle (S-SDLC) and CI/CD integration.
  • Bachelor's degree in Computer Science, Electrical Engineering, Computer Engineering, or equivalent experience in software engineering or security.
  • Minimum 3 years of experience in application security or related security assessment roles.
  • Deep understanding of attack vectors, exploits, and mitigation techniques, including chained attacks.
  • Experience with languages such as Java, Go, Python, or Node.js (knowledge of multiple is a plus).
  • Experience assessing cloud-native services, service meshes, and Kubernetes-based microservices.
  • Strong problem-solving skills, able to think both offensively (like a hacker) and defensively (product security evaluation).
  • Ability to learn new technologies and apply unconventional thinking to complex security challenges.

Qualification:

Bachelor's degree in Computer Science, Electrical Engineering, Computer Engineering, or equivalent experience in software engineering or security

Experience Required:

Minimum 3 Years

Vacancy:

2 - 4 Hires
