Job Title: Security Engineer - II
Location: Bangalore (On-site; full-time)
About Locus: At Locus, we are redefining logistics decision-making with deep-tech solutions that drive efficiency, consistency, and transparency across industries like retail and FMCG/CPG. Founded in 2015 by Nishith Rastogi and Geet Garg, Locus has evolved from a women’s safety geo-tracking app into a globally recognized logistics optimization platform.
Our technology has empowered enterprises such as Unilever and Nestlé to execute over a billion deliveries across 30+ countries. Guided by our commitment to innovation and sustainable growth, we transform complex supply chains into strategic growth enablers. Join us at Locus and be part of a team shaping the future of global logistics.
Key Responsibilities:
Conduct comprehensive threat modeling for applications, cloud infrastructure, and overall systems architecture.
Perform secure code reviews and security assessments for web, Android, and iOS applications, with a strong focus on cloud infrastructure security.
Proactively identify and mitigate vulnerabilities across platforms, collaborating with development and DevOps teams to implement secure solutions.
Automate and streamline security processes, aligning with the principle that “Complexity is the enemy of Security.”
Oversee Vulnerability Management and Patch Management processes, ensuring timely remediation.
Design and implement robust security measures and contribute to Red Team activities, including assessments of cloud, network, wireless, physical, and social engineering scenarios.
Take ownership of assigned tasks and drive the continuous improvement of security practices across the organization.
Assist in setting up and maintaining monitoring systems to identify and respond to potential incidents in real time.
Develop custom tools, scripts, and scanners to address unique security challenges and automate repetitive tasks.
Provide architectural guidance for securing cloud-based applications and DevOps pipelines.
Continuously stay updated on emerging security technologies and techniques, sharing knowledge with the team.
Qualifications:
3-5 yrs experienced Sr security engineer.
Expertise in cloud security (AWS, Azure, or GCP) with a strong understanding of securing applications and infrastructure in cloud environments.
Proficiency in DevOps and DevSecOps practices, including secure CI/CD pipeline integration and automation.
Strong knowledge of OWASP and SANS testing methodologies for identifying and mitigating security vulnerabilities.