we are looking for a senior cyber security engineer to drive end-to-end security architecture, operations, and culture across dehaat's tech landscape. you will work closely with engineering, devops, data, and compliance teams to lead security initiatives and strengthen our defenses across cloud, applications, and infrastructure.
key responsibilities
- conduct web and android application vulnerability assessments and penetration testing (vapt) following owasp and industry standards.
- conduct network pentesting on cloud infrastructure
- perform secure source code reviews using tools such as sonarqube and semgrep, and recommend remediations.
- develop and integrate devsecops pipelines, embedding security into the ci/cd lifecycle.
- implement and manage siem solutions such as wazuh and other threat detection/logging platforms.
- design and enforce cloud security configurations, including aws waf and cloudflare for ddos mitigation and application protection.
- work with development teams to integrate security best practices and review threat models and secure architecture designs.
- ensure compliance with industry standards such as pci-dss and iso 27001, and help support audit readiness.
- provide detailed security findings, risk analysis, and actionable recommendations to stakeholders and developers.
- stay updated with the latest threats, vulnerabilities, and technologies.
requirements
- junior 2-4, or senior 5-6 years of experience in cybersecurity, with hands-on expertise in cloud and application security.
- deep understanding of aws security services (iam, vpc, kms, guardduty, etc.).
- experience with siems, wafs, endpoint protection, and vulnerability management tools.
- proficiency in secure sdlc, devsecops, and scripting (python, bash).
- familiarity with industry frameworks (owasp, nist, mitre) and regulatory standards.
- certifications like cissp, oscp, or aws security specialty are a plus.
- strong communication, leadership, and cross-functional collaboration skills.
