Website:
rudra.io
Job details:
Cyber Security Engineer
Mumbai | Full-Time | On-site | Immediate Requirement
Before You Apply
We learned the hard way that CVs full of certifications and buzzwords don’t predict whether someone can actually do this job. So we’re putting this upfront.
Answer these with your application (3-5 sentences each). We read these before your CV.
- Describe a security assessment, penetration test or research you conducted. What was the scope, what did you find and how did you report it?
- Tell us about a time you found something that a scanner missed. What was it, and how did you find it?
- Share a link to, or describe, an automation script you wrote for a security task. What problem did it solve?
How we hire:
CV Deep-Dive: We walk through your CV together. Anything that’s there, be ready to talk about it in detail.
Technical Exercise: A simulated engagement - we give you something to work on. Triage, prioritise and write up findings as if it were a real client deliverable.
Engagement Walkthrough: Pick an assessment or incident you’ve handled. Walk us through it end-to-end.
If all that sounds reasonable, read on.
The Real Job
RUDRA is a cybersecurity engineering firm. We break into systems, figure out what’s wrong and help fix them - for clients across telecom, fintech and enterprise, and for our own products.
A typical month: Two weeks deep in a client VAPT engagement - testing APIs, reviewing source code, auditing firewall rules, writing the report, presenting to leadership. Next two weeks, you’re triaging a vulnerability for another client, reviewing a pull request on one of our products for security flaws and updating a runbook so the next engineer doesn’t have to rediscover what you already figured out.
If your experience is mostly theoretical, or limited to forwarding scanner output with a cover page, this is nokt the right fit for you.
What You'll Do
- VAPT across web apps, APIs, mobile, and infrastructure.
- White-box audits with full access to source code, configs, and live systems.
- Incident investigation: log analysis, lateral movement detection, attacker reconstruction.
- Source code review for OWASP Top 10, business logic flaws, and cryptographic weaknesses.
- Firewall, network segmentation, and cloud security group audits.
- SBOM generation, dependency auditing, supply chain risk assessment.
- External attack surface mapping and leaked credential monitoring.
- Secure our own products: code reviews, architecture assessments, pipeline security.
- Support clients on an ongoing basis: monitoring, hardening, incident response.
- Write detailed technical reports with CVSS-scored findings, working PoCs, and remediation guidance. We take documentation seriously - reports, runbooks, SOPs, and knowledge base articles are first-class deliverables, not busywork.
- Present findings to client leadership and support remediation.
Apply to hr@rudra.io with Your CV, Answers to the Above 3 Questions and If You Can Say Yes to the Points Below:
- You’ve conducted a security assessment and delivered a written report to a client or stakeholder.
- You can read a firewall ruleset and explain what’s wrong - not just flag it in a tool.
- You’ve reviewed source code for security flaws beyond running a SAST tool.
- You can look at logs and piece together what happened during a security event.
- You’ve written Python or Bash scripts that automated a real security workflow.
- You treat documentation as part of the job - you’ve written runbooks, SOPs or guides that others actually used.
- You can explain technical findings to a non-technical audience.
Nice To Have
- Telecom security: USSD/SSD, carrier APIs, SS7.
- RouterOS/MikroTik.
- Cloud security (AWS, Azure, Cloud4C).
- Fintech compliance (PCI DSS, SOC 2, RBI guidelines).
- Prior consulting or security services experience.
- Certifications (CEH, OSCP, CISSP) - they help, but won’t substitute for demonstrated ability.
#Hiring #CyberSecurity #NetworkSecurity #OTSecurity #CriticalInfrastructure #Mumbai #RUDRA
Click on Apply to know more.