Skip to content
ZYNOSEC
INITIALIZING SECURE SESSION 00%
Get Assessment
▸ Careers at ZynoSec

Build the platform attackers haven’t seen yet.

Offensive security engineers, AI researchers, and product builders — shipping Kavach by ZynoSec and running high-signal engagements for India’s most-targeted enterprises.

01

Offense-first.

Everyone here ships offense — whether that’s a custom payload, a model prompt, a dashboard, or a researcher payout flow. We do not hire security theater.

02

Ship > talk.

Short cycles. Merged diffs. Public blog posts. We’d rather see your last commit than your last deck.

03

Remote, India-rooted.

Every role is fully remote across India. HQ in Pune for in-person meetups every quarter — otherwise ship from wherever you do your best work.

04

Learning budget, real.

Certs (OSCP, OSEP, OSED, cloud specialties), conference travel, and a lab-hardware allowance — because staying sharp is the job.

▸ Open Roles

Roles we’re hiring for

14 open roles across offensive security, platform engineering, research, and design — all fully remote across India. Don’t see a fit? Write to us anyway — we hire talent ahead of need.

Offensive Security

Junior Security Engineer

Remote, India Full-time

Start your offensive-security career under senior mentorship. You will shadow real engagements, own scoped components of pentests, and grow into web, API, network, and AD testing.

Must have
  • 1–3 yrs hands-on security experience or strong CTF/HTB track record
  • Working knowledge of OWASP Top 10 and basic network protocols
  • Comfort with Burp Suite, nmap, and a scripting language (Python or Bash)
  • Clear written English — you will draft finding sections that a senior reviews
Nice to have
  • OSCP in progress
  • Published CTF writeups or a personal blog
  • Home-lab experience with AD or Kubernetes
Apply
Offensive Security

Security Engineer

Remote, India Full-time

Run web, API, and internal network engagements end to end. You own scope, execution, and the report. Expect to touch cloud, mobile, and AD on any given month — we do not split engineers by service line.

Must have
  • 3–5 yrs pentesting experience across web and network
  • OSCP or equivalent demonstrated skill
  • Comfort with AD basics (Kerberoasting, ACL abuse) and cloud fundamentals (IAM, storage exposure)
  • Can write a customer-ready report without heavy review
Nice to have
  • eWPTX / CRTP / AWS Security Specialty
  • Open-source tooling or a published CVE
  • Prior client-facing work in BFSI or SaaS
Apply
Offensive Security

Senior Security Engineer

Remote, India Full-time

Lead engagements across the full offensive stack. You chain vulnerabilities, find the non-obvious business-logic flaws, and mentor the juniors in the practice. You also feed real attack chains into Sentinel’s agent library.

Must have
  • 5+ yrs across web, API, AD, cloud, and at least one of mobile or ICS
  • OSEP, OSCE3, or equivalent practical experience
  • Can scope a complex engagement from a discovery call
  • Has shipped custom tooling — Burp extensions, Impacket forks, or internal testing helpers
Nice to have
  • Conference talk or published research
  • Bug-bounty track record with chained findings
  • Experience running a small team
Apply
Offensive Security

Staff Security Engineer

Remote, India Full-time

Own our offensive practice methodology. You set how we test, what gets automated into Sentinel, and what stays human. Client-facing on complex engagements, internal-facing on how the team grows.

Must have
  • 8+ yrs in offensive security
  • Deep expertise in at least two of: AD, cloud, AppSec at scale
  • Experience running or leading a practice — hiring, methodology, QA
  • Comfort in front of a CISO and in front of a junior engineer the same day
Nice to have
  • Published book, course, or training material
  • Prior work at a boutique pentest firm or product security team
  • Has built or influenced an industry-standard tool
Apply
Offensive Security

Red Team Operator

Remote, India Full-time

Run objective-driven and assumed-breach engagements. OSINT, initial access, C2, lateral movement, reporting — the full chain. You care about stealth and operational hygiene, not just flags.

Must have
  • 3+ yrs red team or advanced AD/cloud work
  • Hands-on time with Cobalt Strike, Mythic, or Sliver
  • AD and Azure AD attack paths
  • Payload development and EDR evasion
Nice to have
  • CRTO / OSEP
  • Malware dev portfolio
  • Prior TIBER / CBEST-style ops
Apply
Offensive Security

Senior Red Team Operator

Remote, India Full-time

Lead red team engagements for banks and critical infrastructure. You scope the objectives, design the kill chain, run the op, and brief the CISO. You also build the internal toolset the rest of the team uses.

Must have
  • 6+ yrs in red team or adversary simulation
  • Has led at least one regulated red team (TIBER, CBEST, RBI cyber) end to end
  • Custom malloc/loader/payload work
  • Communicates risk cleanly to non-technical executives
Nice to have
  • Public research or talk on C2/evasion
  • Experience building an in-house C2
  • Prior work at a financial-sector red team
Apply
Platform Engineering

AI/ML Engineer — Agentic Security

Remote, India Full-time

Build the agent reasoning behind Sentinel and Recon. Turn recon data and PoCs into an orchestrator that plans like a pentester. You care about eval harnesses as much as clever prompts.

Must have
  • 2+ yrs working with LLMs or agent frameworks in production
  • Python plus PyTorch or JAX
  • RAG, tool-use, and prompt-engineering fundamentals
  • Interest in offensive security — you have read a pentest report or two
Nice to have
  • Published ML research
  • Contributions to agent frameworks (LangGraph, DSPy, Autogen)
  • Prior security-ML product work
Apply
Platform Engineering

Senior AI/ML Engineer — Agentic Security

Remote, India Full-time

Own the agent architecture for Kavach. You decide what each agent does, how they share state, how we eval them, and how we stop them hallucinating in production. Partner closely with the offensive team.

Must have
  • 5+ yrs ML engineering, at least 2 with LLM systems in production
  • Built or scaled an agent system beyond a single prompt-chain
  • Strong eval discipline — you can describe how you catch regressions
  • Comfortable reading offensive-security writeups and turning them into agent capabilities
Nice to have
  • Fine-tuning experience on open-weights models
  • Published research on agents or tool-use
  • Prior staff-level role at an ML product
Apply
Platform Engineering

Full-Stack Engineer — Platform

Remote, India Full-time

Ship the Kavach operator console and the customer portal. TypeScript and Next.js on the front, Go on the back. You will own features from schema to pixel.

Must have
  • 3+ yrs shipping production TypeScript / React / Next.js
  • One backend language at a working level (Go, Rust, or Python)
  • API and auth design intuition — sessions, JWT, RBAC
  • Care about UI craftsmanship
Nice to have
  • Shipped a security or observability product
  • Comfort with Three.js or WebGL
  • Has worked directly with designers on a design system
Apply
Platform Engineering

Senior Full-Stack Engineer — Platform

Remote, India Full-time

Lead major features across the Kavach platform. You will own multi-quarter projects — operator console, findings workflow, customer portal — and shape how the UI and API evolve together.

Must have
  • 6+ yrs building production SaaS across TypeScript and at least one backend language
  • Experience designing APIs that survive more than one consumer
  • Has scaled a frontend codebase through at least one major rewrite or architecture change
  • Strong opinions about DX, weakly held
Nice to have
  • Past staff or lead role on a product with real users
  • OSS maintainer of something people depend on
  • Cares about security engineering, not just security features
Apply
Compliance & Audit

Compliance Engineer

Remote, India Full-time

Translate regulatory clauses into machine-readable checks. Ship new frameworks into Compass and make them audit-defensible. You will work alongside legal and offensive engineers, not in a silo.

Must have
  • Hands-on ISO 27001, SOC 2, or PCI experience on the engineer or auditor side
  • Can read regulation and turn it into a spec
  • SQL plus light scripting (Python preferred)
  • Understands how evidence is actually collected, not just what the clause says
Nice to have
  • DPDP, RBI, SEBI, or CERT-In familiarity
  • Former Big-4 auditor
  • Prior experience building GRC tooling
Apply
Community & Research

Bug-Bounty Triage Engineer

Remote, India Full-time

Arbitrate edge-case submissions on Hive. Validate PoCs, score severity, and communicate crisply with both researchers and customer AppSec teams. You care about researcher fairness and customer signal in equal measure.

Must have
  • Bug-bounty or triage experience on HackerOne, Bugcrowd, or an in-house program
  • Strong reproduction discipline — you will not mark Won’t Fix without good reason
  • Native-level English writing
  • Empathy with both sides of a bounty report
Nice to have
  • Hindi, Marathi, Tamil, or Telugu fluency
  • Active researcher profile
  • Familiarity with CVSS 4.0 and chained-severity scoring
Apply
Design

Security Product Designer

Remote, India Full-time

Design dense, data-rich interfaces for security operators who live in your UI all day. Kavach is visual-first — this role owns the feel of the product.

Must have
  • Strong portfolio of complex SaaS UIs
  • Figma plus design-system fluency
  • Typography and data-viz taste
  • Collaborates cleanly with engineering
Nice to have
  • Prior security, analytics, or dev-tool work
  • Motion design
  • WebGL or shader curiosity
Apply
Community & Research

Developer Relations Engineer

Remote, India Full-time

Grow the Kavach researcher and AppSec community. Write, demo, speak, and ship reference integrations — make Kavach the default platform people build on.

Must have
  • Technical writing and public speaking portfolio
  • Hands-on security or devtools background
  • Comfortable shipping code in public
  • Owns their calendar
Nice to have
  • Active conference speaker
  • Maintains a popular blog or OSS tooling
  • Prior DevRel at a technical SaaS
Apply

Don’t see your role?

We hire ahead of need for offensive engineers, AI researchers, and product builders. Send us your latest writeup or PoC and a one-liner about what you want to build.

Write to careers@zynosec.com