R

Security Engineer

Razorpay · Bengaluru, Karnataka, India

~₹18L (est.)2–8 yrs experiencefull_timePosted 1w ago
Apply now →

Job description

**AI Security Engineer** **Role Summary** ● We are hiring an AI Engineer who will build agentic systems and AI-driven automation for our security and infrastructure functions. ● The ideal candidate is AI-native first — fluent in LLMs, agent frameworks, and prompt/context engineering — with working knowledge of security and a strong grasp of infra/deployment. ● This is not a traditional security engineering role. We want someone who thinks in terms of agents, tools, and orchestration, and who can ship AI systems that operate against real production infrastructure. ● Reports into Security/Platform leadership; collaborates with SecOps, CloudSec, AppSec, and SRE teams. **What You'll Build** ● **Agentic security workflows** — multi-agent systems (planner-executor, orchestrator-subagent) for IR triage, threat hunting, alert correlation, and compliance evidence collection. ● **MCP servers and clients that wrap internal tools** (SentinelOne, Zscaler, AWS APIs, Active Directory, Jamf, Semgrep, etc.) so agents can act on production systems. ● **AI-driven infra automation** — agents that deploy, configure, and remediate Kubernetes workloads, IAM policies, network rules, and cloud resources. ● L **LM-powered detection and response pipelines** — log summarisation, anomaly explanation, runbook execution, and automated containment with human-in-the-loop guardrails. ● **Evals, guardrails, and safety layers for production AI systems handling sensitive data.** **● Internal AI platform** — gateways, model routing, prompt registries, and observability for LLM use across the org. **Must-Have: AI Engineering** ● Hands-on experience building production systems with Claude (Anthropic API), OpenAI, or equivalent frontier LLMs — not just chatbot demos. ● Strong prompt engineering and context engineering — understands tool-use loops, structured outputs, evals, and failure modes. ● Built at least one agentic system end-to-end — planner-executor, ReAct, orchestrator-subagent, or similar. ● Experience with MCP (Model Context Protocol) — has built MCP servers/clients or equivalent tool-wrapping abstractions. ● Comfort with agent frameworks — Claude Agent SDK, LangGraph, AutoGen, CrewAI, or custom orchestration. ● Working knowledge of local inference — Ollama, LM Studio, vLLM, llama.cpp — and proxy layers like LiteLLM. ● Familiarity with fine-tuning, RAG, and embeddings — knows when to reach for each. ● Has shipped at least one AI system that took real actions on real systems (not read-only analysis). **Must-Have: Infra & Deployment** ● Strong Kubernetes chops — has deployed and operated workloads on EKS/GKE/AKS, written Helm charts or Kustomize, and debugged pod/networking/RBAC issues. ● AWS or GCP depth — IAM, VPC, networking, secrets, observability. ● Infrastructure as Code — Terraform, Pulumi, or CDK. ● CI/CD — GitHub Actions, ArgoCD, or similar; understands deployment patterns (blue-green, canary). ● Comfortable making agents drive infra changes — knows the diff between "agent suggests a Terraform plan" and "agent applies it" and how to gate the latter safely. ● Container security basics — image scanning, Pod Security Standards, admission controllers. **Nice-to-Have: Security Knowledge (Add-on)** ● Familiarity with at least one of: SIEM/XDR (SentinelOne, Splunk), SAST/DAST (Semgrep, Burp), CSPM (Wiz, Prowler), or DLP/SSE (Zscaler). ● Awareness of OWASP Top 10 for LLMs, prompt injection, jailbreaks, and data exfil via LLMs. ● Conceptual understanding of compliance regimes — PCI DSS, ISO 27001, SOC 2, RBI, DPDP — enough to know what "evidence" means. ● Threat modelling fundamentals (STRIDE) and MITRE ATT&CK literacy. ● Note: We are not looking for a CISSP profile. Security knowledge is an add-on; AI engineering and infra are the primary bar. Mindset ● Builder, not just a researcher — ships systems, not just notebooks. ● Pragmatic about AI — knows what LLMs are bad at and designs around it (deterministic fallbacks, validators, human-in-the-loop). ● Safety-aware — thinks about prompt injection, tool abuse, and blast radius before an agent gets sudo. ● Comfortable with ambiguity — this space changes monthly; you should enjoy that. Location - Bangalore