CoinSwitch is seeking a highly skilled Security Engineer to join our security engineering team. This role is critical to designing, implementing, and maintaining robust security measures across our entire applications and infra, ensuring the confidentiality, integrity, and availability of our systems. You will play a key role in building a proactive security posture and fostering a security-first culture at coinswitch.

Responsibilities:

Assess and Review CoinSwitch products in detail to discover vulnerabilities and collaborate with the other security engineers to practically demonstrate the exploitability and risk factors. Be on the forefront of emerging vulnerabilities / threats which could affect CoinSwitch and its operations. Secure Architecture and SDLC: Design and build secure systems across all layers (Application, Infra, enterprise), implement AppSec and Secure SDLC practices including SAST, DAST, and SCA. Decent understanding of AWS Cloud and Container security best practices for containerization, ECS, and Kubernetes, and managing secrets/key management. API Security: Ensure the security of GraphQL and REST APIs. DevSecOps and Automation: Drive DevSecOps enablement by integrating security into CI/CD pipelines and implementing . Vulnerability Management and Testing: Lead internal/external VAPT, conduct penetration testing (web, API, mobile, cloud), and manage bug bounty programs and the Coordinated Vulnerability Disclosure (CVD) process. Vulnerability Remediation and Hardening: Drive post-VAPT remediation, manage vulnerability scanning, track mitigation. Collaborate with engineering, DevOps, and IT to embed security in all the systems. Security Automation : Automate security testing and improve productivity in security assessments.

Requirements:

6-9 years of experience in Security Engineering, AppSec, Product Security DevSecOps, or a related security-focused role. Strong understanding of secure architecture principles for network, OS, and application layers. Hands-on experience with AppSec tooling (SAST, DAST, SCA) and implementing Secure SDLC. Experience in Mobile Application Security Testing and tools used. Deep knowledge of secrets and key management solutions. Experience with API security & testing, including GraphQL and REST. Demonstrable experience with DevSecOps enablement and pipeline integrations. Proven track record of conducting VAPT, penetration testing, and red/purple team exercises. Experience managing bug bounty programs and external security testing vendors. Excellent communication, documentation, and collaboration skills.   Good To Have:

knowledge of incident management and leading high-severity incident response. Familiarity with threat intelligence feeds and proactive threat hunting. Knowledge of SAML / OAuth / Open ID Connect. Understanding of Cloud Security, Endpoint Security, WAF etc.

Preferred Qualifications:

Certifications in Security (e. g., OSCP, OSWE, CISSP, GSEC, AWS Certified Security - Specialty). Knowledge of compliance frameworks (e. g., ISO 27001, SOC 2).