Back to Jobs
Security Engineer
Actively Reviewing
avertra
Job Description
Avertra's mission is to Simplify Life — automating complex decision-making for customer-centric industries including Utilities, Financial Services, Logistics, and Commerce, while directly improving the employee and customer experience.
What We Promise You:
The role owns security design, detections and rules, application-security testing, the vulnerability management program, vendor remediation, and control evidence. DevOps owns the CI/CD pipeline, AKS, and infrastructure execution; a fractional vCISO and GRC platform own the audit itself, this role supplies and maintains the evidence for the controls it builds.
Main Job Responsibilities
Needed Competencies
What We Promise You:
- A global family building a sustainable, scalable ecosystem guided by logic and empathy.
- A clearly-scoped, high-impact mandate, ship real controls, not just reports.
- Genuine investment in your growth and mastery of your domain.
The role owns security design, detections and rules, application-security testing, the vulnerability management program, vendor remediation, and control evidence. DevOps owns the CI/CD pipeline, AKS, and infrastructure execution; a fractional vCISO and GRC platform own the audit itself, this role supplies and maintains the evidence for the controls it builds.
Main Job Responsibilities
- Application Security Testing
- Introduces and tunes DAST against running applications; triages findings and drives fixes.
- Deploys and owns a semantic SAST engine tuned for TypeScript / React / Node; owns the rules, triage, and merge-block policy.
- Detection Engineering & Response
- Builds the detection layer on the SIEM: correlation rules, alerts, and incident playbooks.
- Defines and tunes runtime workload detection in AKS and file-integrity monitoring.
- Owns what is detected and how the organization responds, while DevOps stands up SIEM infrastructure, log shipping, and agent deployment.
- Edge & Network Controls
- Owns the WAF ruleset: tunes the OWASP ruleset, defines exceptions, and confirms Prevention mode and that logs reach the SIEM.
- Vulnerability Management as a Program
- Stands up a vulnerability aggregator: dedups across scanners, assigns owner and risk-based SLA per finding, drives ticketing, and surfaces SLA breaches on a dashboard.
- Defines secret-scanning policy (pre-commit and history sweep) and unifies the release gate across all scanners.
- Assurance & Evidence
- Manages the ASV scan and annual penetration-test vendors; triages results and drives remediation.
- Produces and maintains evidence for owned controls, alongside the vCISO and GRC platform, to support SOC 2 Type II and PCI DSS 4.0 assessments (supports, but does not run, the audit).
Needed Competencies
- Technical expertise integrating and tuning security scanners in CI/CD pipelines (Azure DevOps ideal): SAST, DAST, SCA, secrets, IaC.
- Technical expertise in DAST (OWASP ZAP or equivalent) and semantic SAST engines (Semgrep / CodeQL) on TypeScript / React / Node codebases.
- Technical expertise in SIEM detection engineering (Microsoft Sentinel and/or Wazuh / Elastic): writing detections, correlation, alert tuning, and playbooks.
- Technical expertise in Kubernetes / AKS security and runtime detection (Falco / Defender for Containers), network policies, and Pod Security Standards.
- Technical expertise in vulnerability management: aggregation / dedup, risk-based SLAs, and triage (DefectDojo or equivalent).
- Technical expertise in Azure security fundamentals: Defender for Cloud, Entra ID / RBAC, Key Vault, and edge WAF (OWASP ruleset).
- Solid grounding in OWASP Top 10, TLS / PKI, authentication protocols, and API security.
- Strong decision-making capabilities to weigh the relative costs and benefits of controls and prioritize risk-based remediation.
- Ability to produce clean, audit-ready evidence for SOC 2 and/or PCI DSS control requirements (supporting, not running, the audit).
- Builder’s mindset: OSS-first, iterating toward managed services.
- Clear communicator: able to translate risk for engineers and executives, with strong written English and documentation.
- Collaborative: drives secure-by-default practices through the DevOps and engineering teams rather than owning infrastructure directly.
- Bachelor’s on Computer Science, Information Technology, or a related field is recommended as a reasonable default, to be confirmed.
- 4–7 years in security engineering, DevSecOps, or application security, with hands-on experience building and tuning security controls. Comfortable partnering with DevOps / platform teams rather than owning infrastructure directly.
- Excellent written and spoken English; able to translate risk clearly for both engineers and executives.
- Experience preparing an organization for a first SOC 2 Type II or PCI DSS assessment (nice-to-have).
- Familiarity with GRC / continuous-compliance platforms (Vanta, Drata); policy-as-code (OPA / Conftest); threat modeling (nice-to-have).
- Preference for OSS-first security tooling with a managed Azure-native upgrade path.
- Effective listening and multi-tasking capabilities across concurrent security workstreams.
- Certified Kubernetes Security Specialist (CKS)
- Microsoft SC-200
- Microsoft AZ-500
- OSCP
- CEH
- PCI ISA / PCIP
- CISSP / CISM
- Up to 15%
- Monday–Friday, 10:00 AM – 7:00 PM (or as agreed). Hybrid work model, demand-based.
Required Skills
Similar Jobs
View all →
Senior Full Stack Developer
INNOFarms.AI
Gurgaon
Machine Learning
REST API
Tailwind CSS
+35
DevOps Engineer
TravClan
New Delhi
Capacity Planning
ISO 27001
Log management
+22
Lead Technical Architect | Cloud, Microservices & Distributed Systems | Mumbai (Hybrid)
SEWB Pty Ltd
Mumbai
Event-driven architecture
OAuth 2.0
Machine Learning
+24
Consulting-HC-IIO-HC Forward-Cloud architect
Deloitte
Chennai
Solution architecture
Spring Boot
Event-driven architecture
+34
Product Developer- .Net, Angular, SQL
Epicor
Bengaluru
REST API
Entity Framework
Software architecture
+25
Similar Jobs
View all →
Senior Full Stack Developer
INNOFarms.AI
Gurgaon
DevOps Engineer
TravClan
New Delhi
Lead Technical Architect | Cloud, Microservices & Distributed Systems | Mumbai (Hybrid)
SEWB Pty Ltd
Mumbai
Consulting-HC-IIO-HC Forward-Cloud architect
Deloitte
Chennai
Product Developer- .Net, Angular, SQL
Epicor
BengaluruShare
Quick Apply
Upload your resume to apply for this position
–