
Senior Security Engineer

Locus

Bengaluru, India (1 day ago)


Job Type

full time

Description

Job Title: Senior Security Engineer

Location: Bangalore (Full Time, Onsite)

About Locus

Battle-tested in 350+ deployments across 30+ countries, Locus is an agentic Transportation Management System for all-mile, all-channel, trusted by enterprises like Unilever, Nestlé, and Siam Makro.

The platform unifies orders, capacity, and carrier networks into one living plan, aligning planning, execution, and settlement so promises become proof. AI co-pilots with guardrails surface risk early and recommend the next best move to protect SLAs and reduce empty miles.

In 2025, Locus joined the Ingka Group (IKEA Retail) family, marking a major milestone in our journey. Backed by the scale and strength of IKEA, we continue to operate independently while accelerating our mission to make global supply chains faster, smarter, and more sustainable.

Our Journey and Impact

Since 2015, Locus has been on a mission to make logistics decision-making intelligent, sustainable, and real-world ready. Our platform has powered billions of deliveries across 30+ countries for global enterprises, driving measurable impact in cost savings, carbon reduction, and SLA performance. With the strength of the IKEA ecosystem behind us, we’re scaling that impact even further.

Our Global Footprint

Headquartered in Bangalore, with teams across the U.S., U.K., UAE, and Southeast Asia, Locus brings together 170+ engineers, designers, and problem-solvers united by a single goal: to reinvent how the world moves goods.

Traits We Value

We look for people who are:

  • Global in mindset: curious about diverse markets and ideas.

  • Unrelenting in drive: energized by complex challenges.

  • Intelligent in approach: analytical, creative, and thoughtful.

  • Dynamic in execution: adaptive and decisive in fast-moving contexts.

  • Exact in craft: detail-oriented and committed to excellence.

About the Role

We are looking for a Senior Security Engineer to own and drive our security engineering programme across cloud and infrastructure security, DevSecOps, and detection engineering. You will work on a next-generation multi-tenant SaaS running on Kubernetes, served to enterprise clients across multiple regions. Beyond the platforms, Locus operates a suite of AI-agent products in production, adding a modern and growing attack surface that this role will actively help secure.

This is a hands-on senior IC role with broad scope. You will work closely with engineering and DevOps teams, set technical direction for security across the organisation, and operate with a high degree of autonomy. Minimum 5 years of experience in a multi-domain security engineering role is required.

Key Responsibilities

  • Lead threat modeling and security design reviews for cloud infrastructure, multi-tenant application architectures, and AI-agent systems — integrating security from the design stage, not as an afterthought.

  • Own cloud security posture across AWS and Kubernetes — enforce IAM least-privilege, harden cluster security (pod security standards, network policies, admission controls), manage secrets hygiene, and drive compliance with cloud security benchmarks.

  • Drive DevSecOps security controls across CI/CD pipelines, including SAST, DAST, SCA, secrets scanning, container image scanning, and IaC security — as enforcing gates, not advisory checks.

  • Own and harden supply-chain security: dependency and base image governance, build provenance controls, branch protection enforcement, and ensuring every new repository inherits security gates from creation.

  • Design, implement, and continuously improve security detections across cloud, runtime, and endpoint layers — author detection rules, tune alerts, reduce false-positive rates, and build towards proactive threat hunting.

  • Own the vulnerability management process end-to-end — triage findings from multiple scanner sources using risk-based prioritisation, drive SLA adherence with engineering teams, and report risk posture to leadership.

  • Build and own incident response capability — define and maintain response playbooks, run tabletop exercises on realistic scenarios, instrument detection-to-containment metrics, and ensure significant incidents close with written RCAs.

  • Conduct security assessments of cloud configurations, API surfaces, and multi-tenant authorization boundaries — identify architectural weaknesses and drive remediation to closure.

  • Review and assess the security posture of AI-agent products in production, covering prompt-injection risks, data isolation, tool-boundary abuse, and SSRF exposure — aligned to OWASP LLM Top-10 and MITRE ATLAS.

  • Develop and maintain custom tooling, scripts, and automation to scale security coverage and reduce manual effort — agentic triage workflows, detection automation, and purpose-built scanners.

  • Champion secure-by-design practices across engineering — run security reviews at project intake, translate risk into developer-friendly guidance, and maintain a security culture grounded in 'complexity is the enemy of security.'

  • Stay current with emerging attack techniques, cloud security risks, AI-agent threat patterns, and detection strategies — and actively share that knowledge with the team.

Required Skills & Experience

  • 5+ years of hands-on experience in a multi-domain security engineering role — cloud security, DevSecOps, and detection engineering are daily practice, not separate chapters.

  • Deep cloud security expertise: IAM, VPC and network security, cloud-native threat detection services, secrets management, and preventive cloud controls at scale.

  • Hands-on Kubernetes and container security: pod security standards, network policies, RBAC, admission controllers, runtime threat detection, and container image hardening.

  • Proven DevSecOps experience: integrating SAST, SCA, secrets scanning, and container scanning as enforcing gates in production CI/CD pipelines.

  • Detection engineering experience: authoring or tuning detection logic in an EDR, SIEM, or cloud security platform — not just consuming alert queues.

  • Vulnerability management: risk-based triage from multiple scanner sources, SLA enforcement with engineering teams, and leadership-level reporting.

  • Application security foundations: OWASP Top-10, API security, authorization design (including multi-tenant patterns), and threat modeling (STRIDE).

  • Incident response: hands-on experience with alert triage, investigation, and post-incident review, including writing RCAs and running tabletop drills.

  • Strong scripting proficiency in Python or similar for automation, detection queries, and custom tooling.

  • Ability to work independently, take full ownership of domains, and collaborate across engineering and DevOps teams in a lean environment.

  • Strong attacker-and-defender mindset — able to reason about real-world exploitability, not just scanner output.

Preferred Qualifications

  • Relevant certifications: AWS Certified Security – Specialty, CKS (Certified Kubernetes Security Specialist), CCSP (Certified Cloud Security Professional), GCED, or equivalent.

  • Experience with infrastructure-as-code security — identifying and remediating misconfigurations in Terraform, Pulumi, or similar.

  • Detection engineering depth: strong understanding of log sources, alert tuning, false-positive reduction, and MITRE ATT&CK mapping.

  • AI/LLM security experience: OWASP LLM Top-10, prompt injection, multi-agent security patterns, and MITRE ATLAS. Directly applicable — Locus runs AI-agent products in production.

  • Familiarity with policy-as-code frameworks and authorization policy engines.

  • Multi-tenant SaaS security experience — understanding of cross-tenant isolation patterns and common failure modes.

  • Experience working in an ISO 27001 or SOC-2 audited environment alongside a GRC function.

  • Hands-on experience operating commercial CNAPP and SAST/SCA platforms.

  • Bug bounty programme operation or participation.

What We Offer

Join Locus and become part of a visionary team that is redefining logistics through innovation and smart distribution. We provide competitive compensation, comprehensive benefits, and a collaborative environment where your expertise will drive both your growth and that of the organization.

Locus is an equal opportunity employer dedicated to creating a diverse and inclusive workplace.


Skills

devsecops, kubernetes, aws, iam, ci/cd, sast, dast, infrastructure as code, owasp, llm, automation, rbac, edr, siem, python, terraform, pulumi, network security, incident response, threat modeling, vulnerability management, threat hunting, application security, cloud security