Lead Security Engineer

Overseeing the security posture across our infrastructure, applications, and cloud environment\n\nKey Responsibilities\nSecurity Architecture & Threat Modeling: Architect, deploy, and enforce robust security controls across cloud infrastructure (AWS/OCI), networks, and CI/CD pipelines. Lead comprehensive threat modeling exercises for new features and enterprise architectures to identify vulnerabilities and design mitigating controls before code is written\nPerimeter Defense & WAF Management: Deploy, manage, and continuously tune Web Application Firewalls (WAF), API gateways, and bot mitigation platforms to protect critical enterprise assets against Layer 7 attacks, DDoS attempts, and OWASP Top 10 vulnerabilitie\nStrategic Leadership: Develop, implement, and maintain the organization's comprehensive security roadmap, aligning technical security initiatives with business objectives and compliance requirements\nIncident Management & Response: Direct the incident response team during critical security events, overseeing containment, eradication, forensic analysis, and executive post-mortem reporting\nCross-Functional Collaboration: Partner directly with engineering directors and product managers to embed DevSecOps practices, acting as the primary security advisor for new product launches and major infrastructure changes\nVulnerability & Risk Management: Oversee penetration testing, manage the bug bounty program, and lead continuous internal vulnerability management\nMentorship & Team Building: Direct day-to-day operations for the security engineering team, providing technical mentorship, conducting performance reviews, and fostering a culture of proactive defense\nAI-Driven Security : Build, evaluate, integrate, AI powered security tools to accelerate vulnerability detection. Design and implement security guardrails for Navi's in-house AI/ML infrastructure.

Proactively identify and mitigate AI-specific attack vector\n\nMust Have\nExperience: 8+ years of progressive experience in cybersecurity, application security, or infrastructure security\nTechnical Defenses: Hands-on expertise configuring and managing enterprise-grade Security tools\nThreat Intelligence & Risk: Proven expertise in enterprise threat modeling (e.g., STRIDE, PASTA), risk assessments, and leveraging frameworks like MITRE ATT&CK to proactively defend against advanced threat\nArchitecture Proficiency: Advanced knowledge of cloud security architectures, container orchestration (Docker, Kubernetes), identity and access management (IAM/SSO), and zero-trust network principles\nScripting & Automation: Strong proficiency in at least one language (e.g., Python, Go, Bash) to drive security automation, custom tooling, and infrastructure-as-code (IaC) security reviews\nAI/ML Security Expertise : Familiarity with emerging AI security frameworks (e.g., OWASP Top 10 for LLMs\n\nAbout Navi\nNavi is on a mission to make finance simple, accessible, and affordable for a billion Indians. Guided by a strong customer-first approach, the company is building tech-first solutions that work at scale\nTheir offerings include a range of financial products and services across Loans, Insurance, Mutual Funds, Digital Gold, and UPI. Founded by Sachin Bansal & Ankit Agarwal in 2018, Navi is one of India’s fastest-growing financial services organization\n\nOur Culture\nAt Navi, ambition meets opportunity, and ideas turn into impact quickly.

We empower people with high ownership from the start, encouraging them to solve meaningful problems and build with excellence. Teams work in an environment that values speed, collaboration, and craftsmanship, while celebrating learning, growth, and shared wins. The company is guided by The Navi OS—a set of principles that shape how we work and win together.

You can explore /our-values to see what drives them every\nday.\nIf this feels like you, Navi is the place to grow, thrive and make a real impact