# Senior Security Engineer

> Arcot AI Solutions Private Limited · Navi Mumbai, India · Full-time · Posted 2026-07-16

**Salary:** INR 800,000–1,200,000

**Workplace:** on_site

## Description

Company - Arcitech AI

Location : Turbhe, Navi Mumbai (On site)

Experience : 5+ Years

Budget - 12lpa

Immediate Joiners preferred

**  
  
About Arcitech :-**

Arcitech is an enterprise AI automation and software development company building modern,

AI-native products at scale. Several of our products handle sensitive data, and security is

central to how we build and ship. We are looking for a hands-on Senior Security Engineer to

own the security of our applications and cloud infrastructure end to end.  

**About the Role:-**

This is a hands-on, implementation-focused role — not an advisory one. You will spend most of

your time finding real vulnerabilities, deploying real security controls, and securing real CI/CD

pipelines and cloud environments. Our infrastructure is AWS-primary, and you will also help us

introduce and secure additional, cost-optimized cloud and server environments as we grow. You

will work directly with our product tech leads, our DevOps team, and an external security testing

partner to take each product to a strong, audit-ready security posture. If you enjoy building and

shipping security controls rather than only writing policy, this role is for you.  

**Key Responsibilities:-**

**Application Security-**

• Conduct threat modeling on real application architectures, data flows, and APIs, producing

specific, actionable output.

• Perform vulnerability assessments and penetration testing on web applications and APIs;

identify, prioritize, and track findings to closure.

• Perform secure code review and partner with developers to fix vulnerabilities, with

attention to authentication, payment flows, data isolation, and PII handling.

• Define and enforce a secure-coding standard tailored to our stack (Python/Django,

Node.js, React).

**Cloud & Infrastructure Security (AWS-Primary, Multi-Cloud Capable)-**

• Harden and continuously monitor our AWS environment (primary platform): IAM least-

privilege, network segmentation, encryption, logging (CloudTrail), and threat detection

(GuardDuty, Inspector, or equivalent).

• Implement and operate Cloud Security Posture Management (CSPM) to detect

misconfigurations and drift — across AWS and any additional providers we adopt.

• Apply portable, vendor-neutral security through Infrastructure as Code (Terraform) and

container/Kubernetes security, so controls travel with the workload regardless of provider.

• Manage secrets properly (AWS Secrets Manager / Parameter Store or HashiCorp Vault)

and eliminate hardcoded credentials.

• Work with the DevOps team to introduce and secure additional, cost-optimized server

environments (e.g., Azure or cost-focused providers), extending our security standards to

each new platform.

• Administer Linux servers and cloud environments with security as the default; support

uptime, scalability, and patching.

**DevSecOps & Pipeline Security-**

• Build and maintain security gates in CI/CD pipelines (Jenkins, GitHub Actions, or GitLab

CI/CD): SAST, DAST, software composition analysis, container image scanning, and IaC

scanning.

• Implement Infrastructure as Code security using Terraform or CloudFormation with

automated policy checks (e.g., Checkov, Trivy).

• Deploy and validate developer-side security tooling and automate security tasks using

Python and/or Bash.

**Monitoring, Incident Response & Collaboration-**

• Set up centralized logging and monitoring (CloudWatch, ELK, Prometheus, Grafana, or

equivalent) with alerting and incident workflows.

• Define and run an incident response process; investigate and remediate security incidents.

• Work directly with tech leads, DevOps, QA, and developers to ensure controls are

implemented, not just recommended.

• Coordinate an external security testing partner for periodic deep penetration testing, and

drive their findings to closure.

**Compliance & Audit Readiness-**

• Build and maintain the security artifacts required during enterprise customer due diligence

(security questionnaires, VAPT reports, data-handling documentation).

• Establish practices aligned with relevant standards (e.g., OWASP, and PCI-DSS / data-

protection requirements where applicable).  

**Required Qualifications:-**

• 5+ years hands-on experience in application security, cloud security, and/or DevSecOps,

with controls you have personally implemented — not only assessed or advised on.

• AWS expertise (mandatory, primary). Deep, hands-on experience securing AWS

environments. Most of our infrastructure runs on AWS and will continue to.

• A second cloud (required, demonstrated). Hands-on experience securing at least one

other provider — Azure, GCP, or a cost-focused provider such as DigitalOcean, Hetzner,

or OVH. This must be work you have actually delivered, not a willingness to learn.

• Portable, vendor-neutral skills. Strong Infrastructure as Code (Terraform) and

container/Kubernetes security — the skills that let security and workloads move safely

between providers.

• Application security depth. Proven experience with threat modeling, VAPT, and secure

code review on real applications and APIs.

• CI/CD and IaC security. Hands-on experience integrating security into pipelines and

securing Infrastructure as Code (Terraform / CloudFormation).

• Containers. Working experience securing Docker and Kubernetes environments.

• Scripting. Practical Python and/or Bash for automation.

• Tooling. Familiarity with SAST/DAST/SCA tools, vulnerability scanners, CSPM, and

monitoring stacks.

• Linux. Solid Linux system administration.

• Communication. Able to give a tech lead a clear, specific, prioritized list of what to fix and

why.

## Apply

[Apply at Arcot AI Solutions Private Limited](https://apply.workable.com/arcothr/j/2BA0258771/apply)

---
Powered by [Workable](https://www.workable.com)
