Full-time

Cyber Security Software Engineer

Job Description

Location: Bengaluru / Hybrid / Remote

About the Role

We are looking for a Cyber Security Software Engineer with strong expertise in vulnerability management, SBOM frameworks, and modern application security practices. You will be responsible for building security automation, integrating vulnerability intelligence into product workflows, and ensuring secure-by-design engineering across our platform.

Key Responsibilities

  • Design and implement software solutions for vulnerability identification, analysis, and remediation.
  • Integrate SBOM generation and validation into CI/CD pipelines using industry standards like CycloneDX or SPDX.
  • Develop and automate VEX workflows to contextualize vulnerabilities and reduce false positives.
  • Build tools and APIs to ingest, normalize, and correlate vulnerability data from sources such as NVD, OSV, EPSS, and ExploitDB.
  • Collaborate with product engineering to enforce secure coding and supply chain security practices.
  • Support threat modeling, dependency scanning, container scanning, and SAST/DAST automation.
  • Assist in security monitoring, incident response, and continuous risk assessment.

Required Skills & Experience

  • Strong programming skills in Python, Go, or JavaScript.
  • Hands-on experience with vulnerability scanners and security frameworks.
  • Understanding of SBOM, VEX, CVSS, CWE, CVE ecosystem, and secure SDLC.
  • Solid knowledge of CI/CD tools, container security, and cloud security fundamentals.
  • Familiarity with REST APIs, microservices, and distributed systems.

Preferred Qualifications (Bonus, Not Mandatory)

  • Experience with compliance standards: SOC 2, ISO 27001, PCI-DSS, HIPAA, etc.
  • Knowledge of container security (Trivy, Grype, Anchore, Twistlock, etc.).
  • Understanding of supply chain security frameworks like SLSA or OpenSSF.
  • Exposure to Elasticsearch, Postgres, or NoSQL databases.
  • Contributions to security tools, research, or CVE/SBOM communities.

Who You Are

  • You think like an engineer but understand the attacker mindset.
  • You prefer automation over manual firefighting.
  • You can interpret vulnerability data rather than panic at it.
  • You care about reducing noise, improving context, and delivering actionable insights.

What You’ll Work On

  • Supply chain security
  • SBOM & VEX automation
  • Vulnerability analytics
  • Secure DevOps tooling
  • Policy enforcement & compliance maturity

What We Offer

  • Opportunity to build cutting-edge security tooling for real-world products.
  • Work with an experienced engineering and DevOps team.
  • Competitive compensation with performance incentives.
  • A culture that values security, automation, and innovation.

Education

  • Bachelor’s in Computer Science / Cyber Security / Engineering or equivalent practical experience.

Job Overview

  • Job Type: Full-time
  • Posted: December 20, 2025
