We’re looking for a Security‑Focused Backend Developer with 3+ years of production experience in Node.js (Express/Fastify/NestJS) and/or PHP (Laravel preferred).
You’ll be a strong fit if you:
- Work confidently with MySQL & PostgreSQL — transactions, migrations, query optimization, connection pooling, background job queues (Bull/BullMQ or Laravel Queues).
- Have built authentication & authorization from scratch — understand JWT structure, signatures, expiry, and refresh token rotation without relying on black‑box libraries.
- Can spot and fix SQL injection, broken access control, IDOR, and insecure deserialization during code review.
- Implement AES‑256‑GCM encryption correctly (know the IV reuse risks; can write encrypt/decrypt in Node.js, PHP, or Python).
- Use parameterized queries by default, with zero tolerance for string concatenation with user input.
- Validate all input against a schema before any processing.
- Use minimum‑privilege database users, wire services correctly, and never log PII — and have caught this in others’ code.
Good to have:
- Hands‑on experience with HashiCorp Vault or any secrets manager.
- Understanding of OAuth2 / OIDC (PKCE, token introspection).
- Experience responding to pentest findings and familiarity with DPDP 2023 principles.
If you like writing secure, clean backend code and care about privacy and system integrity, we’d love to see your CV.
Pay: ₹40,000.00 - ₹50,000.00 per month
Work Location: Remote