Security Engineer II - Application Security

CoinSwitch

Bengaluru, Karnataka, India
Posted on Dec 20, 2025

About CoinSwitch

CoinSwitch breaks down the complexities in Crypto, empowering the everyday Indian to make informed investment decisions on a simple and trusted platform. When we started up, Crypto was a field reserved for specialists. Today, over 20 million users trust CoinSwitch to learn, purchase and invest in Crypto. That makes us India’s largest crypto app.

On CoinSwitch, users can invest in Crypto with a few simple taps, either as a one-time purchase or at regular intervals through an SIP. But simplicity is not a substitute for informed decisions. A CoinSwitch user spends 27 minutes on our app—to learn about Crypto and Web3 through our educational content and understand market sentiment through CRE8, the Crypto Rupee Index.

But we are just getting started. CoinSwitch not only plans to double down on making Crypto accessible to everyone but is on track to become the one-stop wealth-tech destination for every Indian.
For more information about CoinSwitch, find additional resources here: https://linktr.ee/coinswitchcareers

About The Role:

CoinSwitch is seeking a highly skilled Security Engineer to join our security engineering team. This role is critical to designing, implementing, and maintaining robust security measures across all our applications and infrastructure, ensuring the confidentiality, integrity, and availability of our systems. You will play a key role in building a proactive security posture and fostering a security-first culture at CoinSwitch.

Responsibilities:

  • Assess and review CoinSwitch products in detail to discover vulnerabilities, and collaborate with the other security engineers to practically demonstrate exploitability and risk factors.

  • Stay at the forefront of emerging vulnerabilities and threats that could affect CoinSwitch and its operations.

  • Secure Architecture and SDLC: Design and build secure systems across all layers (Application, Infra, enterprise), implement AppSec and Secure SDLC practices including SAST, DAST, and SCA.

  • Decent understanding of AWS cloud and container security best practices for containerization, ECS, and Kubernetes, and of secrets/key management.

  • API Security: Ensure the security of GraphQL and REST APIs.

  • DevSecOps and Automation: Drive DevSecOps enablement by integrating security into CI/CD pipelines and implementing .

  • Vulnerability Management and Testing: Lead internal/external VAPT, conduct penetration testing (web, API, mobile, cloud), and manage bug bounty programs and the Coordinated Vulnerability Disclosure (CVD) process.

  • Vulnerability Remediation and Hardening: Drive post-VAPT remediation, manage vulnerability scanning, track mitigation.

  • Collaborate with engineering, DevOps, and IT to embed security in all the systems.

  • Security Automation: Automate security testing and improve productivity in security assessments.

Requirements:

  • 6-9 years of experience in Security Engineering, AppSec, Product Security, DevSecOps, or a related security-focused role.

  • Strong understanding of secure architecture principles for network, OS, and application layers.

  • Hands-on experience with AppSec tooling (SAST, DAST, SCA) and implementing Secure SDLC.

  • Experience in Mobile Application Security Testing and tools used.

  • Deep knowledge of secrets and key management solutions.

  • Experience with API security & testing, including GraphQL and REST.

  • Demonstrable experience with DevSecOps enablement and pipeline integrations.

  • Proven track record of conducting VAPT, penetration testing, and red/purple team exercises.

  • Experience managing bug bounty programs and external security testing vendors.

  • Excellent communication, documentation, and collaboration skills.

Good To Have:

  • Knowledge of incident management and leading high-severity incident response.

  • Familiarity with threat intelligence feeds and proactive threat hunting.

  • Knowledge of SAML / OAuth / OpenID Connect.

  • Understanding of Cloud Security, Endpoint Security, WAF, etc.

Preferred Qualifications:

  • Certifications in Security (e.g., OSCP, OSWE, CISSP, GSEC, AWS Certified Security - Specialty).

  • Knowledge of compliance frameworks (e.g., ISO 27001, SOC 2).

Life at CoinSwitch

We take great pride in what we do, and are committed to our mission. And we have a lot of fun while at it!

Here’s how we do things at CoinSwitch:

  • Customer-first: That’s the North Star. Everything we do is to make our users’ investment experience better and simplified.

  • Ownership: We don’t sport lab coats, but we experiment—a lot. And we take ownership. We even have a catchphrase for this: Think big, fail fast, and build better.

  • Data-driven: The source of truth. Simple as that.

  • Fun: PS5, anyone? Or do you prefer Foosball? Or perhaps Carrom? And yes, our HR team has a whole list of activities: Disco nights, off-sites, gift boxes, and more!

Speaking of lists, the perks and benefits are so extensive, this space isn’t enough. Here are a few:

  • Parenthood: Up to 8 months of Maternity leave and 1 month of Paternity leave

  • Gender Reassignment Surgery: Be the best version of you! We’ll support you and reimburse your medical bill.

Disclaimer: We are an equal opportunity employer committed to building a respectful and empowering work environment for all people to freely express themselves amongst colleagues who embrace diversity in all respects. Including fresh voices and unique points of view in all aspects of our business not only creates an environment where we can all grow and thrive but also increases our potential to produce work that better represents—and resonates with—the world around us.