Security Engineer

Summary

Join WazirX, a pioneering company in the crypto revolution, as a Security Engineer. Conduct in-depth vulnerability assessments and penetration tests on web applications, APIs, and infrastructure. Collaborate with engineering teams to remediate vulnerabilities and provide security recommendations. Stay updated on the latest security threats and develop secure coding practices. Document security findings clearly for both technical and non-technical audiences. This role requires 6-10 years of experience and relevant certifications are highly desirable. WazirX offers a remote-first work environment, flexibility, and the opportunity to shape the future of crypto.

Requirements

• Experience: 6-10 years in a Security Engineer, Penetration Tester, or similar role focused on both application and infrastructure security
• Certifications: Relevant certifications in ethical hacking, penetration testing, or security engineering are highly desirable
• Technical Expertise: Proficient in identifying and exploiting vulnerabilities across web applications and infrastructure, including common attack vectors such as SQL Injection, Cross-Site Scripting (XSS), insecure configurations, and network misconfigurations
• Programming & Scripting: Proficiency in at least one programming or scripting language (e.g., Python, JavaScript, Bash, or PHP)
• Tools: Experience with security tools for both applications and infrastructure, including Burp Suite, Metasploit, Nmap, AWS Security Hub, and similar tools for cloud and network security
• Cloud & Infrastructure Knowledge: Familiarity with security best practices for AWS and container security (e.g., Docker, Kubernetes)
• Self-Starter: Highly self-motivated, thrives on independent research, and continuously seeks out new challenges
• Team Impact: Effective communication and collaboration skills, with a strong ability to advocate for security and influence cross-functional teams

Responsibilities

• Conduct in-depth vulnerability assessments and penetration tests on web applications, APIs, infrastructure, and cloud environments to identify high-risk vulnerabilities
• Simulate attacker methods on both our applications and infrastructure to expose and assess real-world risks, developing realistic exploitation scenarios
• Collaborate closely with engineering teams to prioritize and remediate vulnerabilities in both application and infrastructure components
• Provide actionable recommendations for improving application and infrastructure security and assist teams in implementing these enhancements
• Stay current on the latest security threats, vulnerabilities, and attack vectors across application and infrastructure domains
• Develop secure coding, configuration, and deployment practices across both applications and infrastructure
• Document security findings clearly, ensuring that both technical and non-technical audiences understand the issues and solutions

Preferred Qualifications

• Regular engagement in bug bounty programs or responsible disclosure programs in personal time, with proven success in reporting vulnerabilities
• Experience in securing infrastructure environments, cloud networks, and virtualized systems
• A track record of independent security projects and active participation in security communities
• Passion for fostering a proactive security culture across both application and infrastructure teams

Benefits

Work from Anywhere: As a remote-first company, we believe great work can happen from anywhere. Enjoy the flexibility to work from wherever you feel most productive and supported