Security Engineer

Drivetrain·Lever
IndiaFull TimePosted Jul 1, 2026
Open original posting

The Role

As a Security Engineer at Drivetrain, you'll own and evolve our security posture across product, infrastructure, and internal tooling. You'll work closely with Engineering, IT, and Compliance to make sure security is built into how we ship — not bolted on after the fact. This is a hands-on role for someone who wants to build systems and processes, not just write policy.

What You'll Do

  • Design, implement, and maintain security controls across cloud infrastructure (AWS/GCP), CI/CD pipelines, and internal systems
  • Lead application security efforts: threat modeling, secure code review, and integrating SAST/DAST tooling into the development lifecycle
  • Own vulnerability management — triage, prioritize, and drive remediation of findings from scans, pen tests, and bug bounty reports
  • Monitor for and respond to security incidents; build and maintain incident response runbooks
  • Manage identity and access controls (SSO, RBAC, least-privilege enforcement) across internal and customer-facing systems
  • Support customer security questionnaires, audits, and certifications (e.g., SOC 2, ISO 27001)
  • Partner with engineering teams to embed secure-by-design practices into new features and services
  • Evaluate and implement security tooling (secrets management, endpoint protection, cloud security posture management)
  • Educate the broader team on security best practices and champion a security-first culture

What We're Looking For

  • 2+ years of experience in security engineering, application security, or a related infrastructure/security role
  • Strong understanding of cloud security fundamentals (AWS or GCP), network security, and IAM
  • Experience with secure SDLC practices — code review, dependency scanning, CI/CD pipeline security
  • Familiarity with common frameworks and standards (OWASP Top 10, SOC 2, ISO 27001, GDPR)
  • Hands-on scripting/automation skills (Python, Go, or similar) for building internal security tooling
  • Experience responding to and documenting security incidents
  • Clear communicator who can translate security risk into terms non-security stakeholders understand

Nice to Have

  • Experience securing a SaaS product handling sensitive financial data
  • Prior experience leading a SOC 2 Type II or ISO 27001 audit from the engineering side
  • Familiarity with container security (Docker/Kubernetes) and IaC scanning (Terraform)
  • Relevant certifications (OSCP, CISSP, CCSP) — nice signal, not required

The Role

As a Security Engineer at Drivetrain, you'll own and evolve our security posture across product, infrastructure, and internal tooling. You'll work closely with Engineering, IT, and Compliance to make sure security is built into how we ship — not bolted on after the fact. This is a hands-on role for someone who wants to build systems and processes, not just write policy.

What You'll Do

  • Design, implement, and maintain security controls across cloud infrastructure (AWS/GCP), CI/CD pipelines, and internal systems
  • Lead application security efforts: threat modeling, secure code review, and integrating SAST/DAST tooling into the development lifecycle
  • Own vulnerability management — triage, prioritize, and drive remediation of findings from scans, pen tests, and bug bounty reports
  • Monitor for and respond to security incidents; build and maintain incident response runbooks
  • Manage identity and access controls (SSO, RBAC, least-privilege enforcement) across internal and customer-facing systems
  • Support customer security questionnaires, audits, and certifications (e.g., SOC 2, ISO 27001)
  • Partner with engineering teams to embed secure-by-design practices into new features and services
  • Evaluate and implement security tooling (secrets management, endpoint protection, cloud security posture management)
  • Educate the broader team on security best practices and champion a security-first culture

What We're Looking For

  • 2+ years of experience in security engineering, application security, or a related infrastructure/security role
  • Strong understanding of cloud security fundamentals (AWS or GCP), network security, and IAM
  • Experience with secure SDLC practices — code review, dependency scanning, CI/CD pipeline security
  • Familiarity with common frameworks and standards (OWASP Top 10, SOC 2, ISO 27001, GDPR)
  • Hands-on scripting/automation skills (Python, Go, or similar) for building internal security tooling
  • Experience responding to and documenting security incidents
  • Clear communicator who can translate security risk into terms non-security stakeholders understand

Nice to Have

  • Experience securing a SaaS product handling sensitive financial data
  • Prior experience leading a SOC 2 Type II or ISO 27001 audit from the engineering side
  • Familiarity with container security (Docker/Kubernetes) and IaC scanning (Terraform)
  • Relevant certifications (OSCP, CISSP, CCSP) — nice signal, not required

Want jobs like this matched to you?

Swoopd scores fresh postings against your résumé so you only see the matches that matter.

Get started free