SDE II (Vulnerability Detection)

This is a remote position.

Role Overview

As a SDE II (Vulnerability Detection), you will be at the forefront of vulnerability research and detection engineering for our cloud-based SaaS security platform. Your primary focus will be on identifying new attack techniques, researching emerging threats, and developing high-fidelity detection rules to enhance our offensive security engine.

This role requires a deep understanding of web, cloud, and API security, along with hands-on experience in exploiting vulnerabilities, writing detection logic, and optimizing scanning strategies. You will work closely with security researchers, engineers, and product teams to ensure our platform remains ahead of evolving threats.

If you're passionate about offensive security, love breaking things to make them more secure, and want to shape the future of automated vulnerability detection, we’d love to have you on board.

Roles & Responsibilities:

• Work in our Attack Engine Team to create vulnerability detection rules that identify exploits in web applications, cloud environments, and APIs.
  

• Conduct security research on vulnerabilities, CVEs, and zero-days impacting web technologies, cloud infrastructure, and API ecosystems.
  

• Develop and maintain JavaScript/GoLang-based detection logic, leveraging your programming skills to automate security analysis and exploit identification.
  

• Collaborate with security researchers and engineering teams to design and implement detection modules, APIs, and automation frameworks.
  

• Work in an agile development environment, contributing to the architecture, design, and implementation of Astra’s web security engine.
  

• Research, design, develop, and troubleshoot—what you build, you own.
  

• Write secure, modular, testable, and well-documented code to maintain high-quality engineering standards.
  

• Adhere to strict code review and security best practices, ensuring high-quality and maintainable code.
  

• Ensure timely delivery of features, maintaining transparency with technical managers regarding development progress.
  

Requirements

• Strong analytical mindset with a passion for security research and offensive security.
  

• 4-5 years experience involving security & development experience in JavaScript (preferred) or any curly-bracket language such as C, C++, PHP.
  

• Understanding of security concepts and experience with vulnerability research for Web, API, and Cloud environments.
  

• Excellent problem-solving skills and strong attention to detail.
  

• Strong communication and collaboration skills, with the ability to work effectively in a remote team environment.
  

• Eagerness to learn and adapt to new technologies, methodologies, and evolving security threats.
  

• Hands-on experience with Git for version control and collaboration.
  

Good to have

• Experience using security tools such as Burp Suite, OWASP ZAP, or similar vulnerability assessment tools.
  

• Understanding of Software Architecture and Design Patterns, with the ability to write scalable and maintainable code.
  

• Prior experience working in a remote role, with strong self-management and collaboration skills.
  

Benefits

• Adrenaline rush of being a part of a fast-growing company and working on hard problems that matter.
  
• Fully remote, agile working environment.
  
• Good engineering culture with full ownership in design, development, and release lifecycle.
  
• A wholesome opportunity where you get to build things from scratch, improve, and ship code to production in hours, not weeks.
  
• Holistic understanding of the SaaS and security industry.
  
• Annual trips to beaches or mountains (last one was to Wayanad!).
  
• Open and supportive culture.
  
• Health insurance & other benefits for you and your spouse (maternity benefits included).