Security Engineer

Capsitech IT Services -
Jodhpur, Rajasthan

Quick apply

Job details

Full-time
14 days ago

Qualifications

CI/CD
Cloud infrastructure
Azure
Kubernetes
DevOps
NoSQL
Git
MongoDB
Bash (Unix shell)
SQL
CEH
RBAC
Firewall
Docker
Cloud security
Metasploit
Terraform
Continuous integration
Burp Suite
ISO 27002
GitHub
APIs
ISO 27001
Linux
ARM
Nmap
CompTIA Security+
Jenkins
Python
Identity & access management

Full job description

Cyber security JD

Job Description: Security Engineer
Company: Capsitech
Experience: 2–4 years

About the Role
We're hiring a Security Engineer to embed security across our development lifecycle — from codebase to CI/CD pipelines to Azure cloud infrastructure. You'll partner with engineering teams to identify vulnerabilities early, harden our deployment pipelines, and ensure our applications and APIs are production-secure.

Key Responsibilities

Application & Code Security

Perform code reviews (manual + SAST tools) to identify vulnerabilities in web apps, APIs, and backend services
Conduct penetration testing against web apps and APIs; report findings with CVSS scoring and remediation steps
Identify and validate OWASP Top 10 vulnerabilities: SQLi, XSS, CSRF, IDOR, SSRF, broken authentication, privilege escalation, file upload flaws
Test authentication and session flows (JWT, OAuth 2.0, MFA), authorization, and access controls
Integrate dependency scanning (SCA) and secret detection into developer workflows

CI/CD & DevSecOps

Harden CI/CD pipelines (Azure DevOps / GitHub Actions) against supply-chain risks
Integrate SAST, DAST, and container scanning into build pipelines
Implement secrets management (Azure Key Vault) and prevent credential leaks
Define security gates and policies for pre-deployment checks

Cloud Security (Azure)

Review and harden Azure configurations: IAM/RBAC, NSGs, Key Vault, Storage, App Service, AKS
Conduct cloud security assessments and posture reviews (CSPM mindset)
Monitor and triage findings from Microsoft Defender for Cloud / Azure Security Center

Collaboration & Reporting

Partner with developers to fix vulnerabilities and promote secure coding practices
Maintain vulnerability tracker; ensure timely retesting and closure
Produce clear technical and executive reports
Conduct security awareness sessions for engineering teams

Required Skills
2–4 years of hands-on application or cloud security experience
Strong grasp of OWASP Top 10 and SANS 25
Proficiency with Burp Suite, OWASP ZAP, Nmap, Metasploit, Wireshark
Experience securing CI/CD pipelines (Azure DevOps, GitHub Actions, or Jenkins)
Working knowledge of Microsoft Azure services and security controls
Scripting in Python or Bash for automation and custom tooling
Familiarity with SQL and NoSQL (MongoDB) injection vectors
Linux command-line proficiency
Understanding of networking, firewalls, TLS, and authentication protocols

Good to Have
Certifications: OSCP, CEH, eJPT, AZ-500, CompTIA Security+ (any one preferred)
Experience with container security (Docker, Kubernetes/AKS)
IaC security (Terraform, ARM/Bicep) scanning
Threat modeling experience (STRIDE)
Bug bounty / CTF participation
Familiarity with compliance frameworks (ISO 27001, SOC 2)

Work Location: In person

Quick apply

Jobseeker tools

Employer Tools

Browse

Stay Connected