Job Title: Security Engineer - II
Location: Bangalore (On-site; full-time)
About Locus: At Locus, we are redefining logistics decision-making with deep-tech solutions that drive efficiency, consistency, and transparency across industries like retail and FMCG/CPG. Founded in 2015 by Nishith Rastogi and Geet Garg, Locus has evolved from a women’s safety geo-tracking app into a globally recognized logistics optimization platform.
Our technology has empowered enterprises such as Unilever and Nestlé to execute over a billion deliveries across 30+ countries. Guided by our commitment to innovation and sustainable growth, we transform complex supply chains into strategic growth enablers. Join us at Locus and be part of a team shaping the future of global logistics.
Key Responsibilities:
Conduct comprehensive threat modeling for applications, cloud infrastructure, and overall systems architecture.
Perform secure code reviews and security assessments for web, Android, and iOS applications, with a strong focus on cloud infrastructure security.
Proactively identify and mitigate vulnerabilities across platforms, collaborating with development and DevOps teams to implement secure solutions.
Automate and streamline security processes, aligning with the principle that “Complexity is the enemy of Security.”
Oversee Vulnerability Management and Patch Management processes, ensuring timely remediation.
Design and implement robust security measures and contribute to Red Team activities, including assessments of cloud, network, wireless, physical, and social engineering scenarios.
Take ownership of assigned tasks and drive the continuous improvement of security practices across the organization.
Assist in setting up and maintaining monitoring systems to identify and respond to potential incidents in real time.
Develop custom tools, scripts, and scanners to address unique security challenges and automate repetitive tasks.
Provide architectural guidance for securing cloud-based applications and DevOps pipelines.
Continuously stay updated on emerging security technologies and techniques, sharing knowledge with the team.
Qualifications:
3-5 yrs experienced Sr security engineer.
Expertise in cloud security (AWS, Azure, or GCP) with a strong understanding of securing applications and infrastructure in cloud environments.
Proficiency in DevOps and DevSecOps practices, including secure CI/CD pipeline integration and automation.
Strong knowledge of OWASP and SANS testing methodologies for identifying and mitigating security vulnerabilities.
Good understanding of software security weaknesses, architecture vulnerabilities, and mitigation strategies.
Hands-on experience in threat modeling, vulnerability assessments, and penetration testing.
Proficiency in any scripting language - Python.
Experience in developing or customizing tools, scanners, or extenders for specific security needs.
Ability to work independently and collaboratively within a team to solve complex security challenges.
Experience in implementing security monitoring systems for early incident detection.
Strong problem-solving skills and the ability to think creatively to simulate attack scenarios.
Certification in security-related fields (e.g., AWS Certified Security, CISSP, CEH, OSCP).
Experience with container security and orchestration platforms like Kubernetes and Docker.
Knowledge of Infrastructure as Code (IaC) tools like Terraform or CloudFormation.
Familiarity with modern DevOps tools (e.g., Jenkins, GitLab, Ansible).
Join Locus and become part of a visionary team that is redefining logistics through innovation and smart distribution. We provide competitive compensation, comprehensive benefits, and a collaborative environment where your expertise will drive both your growth and that of the organization.
Locus is an equal opportunity employer dedicated to creating a diverse and inclusive workplace.