Job Profile: - Software Development Engineer II
Years of Experience: 3 - 5
Location: Bangalore
Position Overview:
We're looking for a Senior Security Operations Engineer to join our Security team. You'll own offensive security programs, lead penetration testing initiatives, and help build a security-first culture across engineering. This role sits at the intersection of traditional AppSec and emerging AI security threats — you'll be one of the few people in the industry who gets to define what "secure AI" looks like in practice.
What qualities are we looking for?
Must-Have
-
4+ years in security engineering, with at least 2 years of hands-on penetration testing
-
Demonstrated experience with AI/LLM security — prompt injection, model manipulation, or MCP security assessments
-
Strong proficiency in web app and API pentesting (OWASP Top 10, business logic flaws, auth bypasses)
-
Solid scripting ability in Python, Go, or Bash to build custom tooling
-
Experience with cloud security (AWS, GCP, or Azure) — misconfigurations, IAM abuse, lateral movement
-
Familiarity with CI/CD security tooling — integrating SAST/DAST/SCA into pipelines
-
Experience conducting risk assessments and communicating findings to non-technical stakeholders
Good to Have
-
Bug bounty track record or CVE publications
-
Experience with agentic AI frameworks (LangChain, AutoGPT, Claude Agents) from an attacker's perspective
-
Knowledge of compliance frameworks: SOC 2, ISO 27001, PCI-DSS
What will you get to do here?
Penetration Testing (Primary)
-
Lead and execute end-to-end penetration tests across web applications, APIs, internal services, and cloud infrastructure
-
Design and run red team exercises simulating real-world adversarial scenarios
-
Perform threat modeling on new product features and architectures before they ship
-
Develop custom exploits, scripts, and tooling to improve test coverage and repeatability
-
Produce clear, actionable pentest reports for both engineering and leadership audiences
-
Manage third-party pentest vendors and coordinate responsible disclosure programs
AI & LLM Security
-
Research and execute attacks against AI/LLM-powered systems — prompt injection, jailbreaks, indirect prompt injection via tool outputs, and data exfiltration through model responses
-
Assess security risks in Model Context Protocol (MCP) deployments — evaluate tool call boundaries, context poisoning vectors, and privilege escalation through agentic workflows
-
Build an internal threat library for AI attack patterns and maintain a red-teaming playbook for LLM features
-
Partner with ML and product teams to bake security into the AI feature development lifecycle
DevSecOps
-
Embed security controls into CI/CD pipelines — SAST, DAST, SCA, secret scanning, and container scanning
-
Define and enforce secure coding standards and review gates across teams
-
Champion security automation so engineers can move fast without introducing critical vulnerabilities
Risk Assessment (Supporting)
-
Assess and prioritize security risks across the organization using frameworks such as CVSS, DREAD, or FAIR
-
Maintain a live risk register; track remediation progress and report risk posture to leadership
-
Evaluate risks introduced by third-party vendors, integrations, and open-source dependencies
-
Quantify business impact of vulnerabilities to support data-driven remediation prioritization
Compliance & Governance (Supporting)
-
Assist in security audits and gap assessments
-
Help define and maintain security policies, standards, and exception processes
Visit our tech blogs to learn more about some the challenges we deal with:
https://bytes.swiggy.com/the-swiggy-delivery-challenge-part-one-6a2abb4f82f6
https://bytes.swiggy.com/swiggy-distance-service-9868dcf613f4
https://bytes.swiggy.com/the-tech-that-brings-you-your-food-1a7926229886
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, disability status, or any other characteristic protected by the law.