coderabbit
coderabbit23d ago
New

Security Engineer

IndiaIndia·Bangalorefull-timemid
EngineeringSecurity Engineer
2 views0 saves0 applied

Quick Summary

Overview

About CodeRabbit CodeRabbit is an innovative research and development company focused on building extraordinarily productive human-machine collaboration systems.

Technical Tools
EngineeringSecurity Engineer

CodeRabbit is an innovative research and development company focused on building extraordinarily productive human-machine collaboration systems. Our primary goal is to create the next generation of Gen AI-driven code reviewers: a symbiotic partnership between humans and advanced algorithms that significantly outperforms individual engineers. We combine language models with human ingenuity to push the boundaries of software development efficiency and quality.

About the Role

~1 min read

We're looking for a hardcore offensive security engineer/researcher to join our security team — someone who thinks like an attacker and builds like an engineer. You'll spend your time finding ways to break our own systems before anyone else does, then work directly with engineering to fix what you find.

If you've disclosed vulnerabilities, hunted bug bounties, or get genuinely excited about a new CVE writeup, this role is built for you.

Responsibilities

~2 min read

  • Plan and execute scoped offensive security assessments, red team operations and adversary-emulation exercises across enterprise, application, cloud, and network environments — simulating real attacker behavior, not checklist-based audits

  • Identify, exploit, and responsibly document vulnerabilities across web applications, APIs, network infrastructure, wireless, mobile, and cloud-native attack surfaces

  • Assess AI and agentic-system attack surfaces, including prompt injection, tool/function-calling abuse, agent privilege boundaries, RAG/vector-store poisoning, model/system-prompt leakage, data exfiltration paths, and abuse of connectors or automation workflows.

  • Develop and refine proof-of-concept exploits, custom tooling, and scripts (Python, Go, or similar) to support engagements and scale offensive capabilities

  • Work as part of a team to explore systems methodically, taking time to avoid detection — the goal is reaching the objective quietly, not finding every possible vulnerability

  • Turn findings into durable fixes: partner with engineering on root cause, remediation design, secure-by-default patterns, tests, logging, detection opportunities, and fix validation.

  • Continuously evolve tactics, techniques, and procedures (TTPs) to reflect emerging adversary behavior, including AV/EDR evasion and detection-bypass techniques

  • Collaborate with the Security Incident Response Team (SIRT) and infrastructure security to translate red team findings into improved detection and defensive posture

  • Stay current on emerging attack techniques, CVEs, security advisories, and the broader offensive security research community

  • Help shape the security program via vulnerability management, bug bounty or responsible disclosure triage etc.

  • Occasionally support blue-team efforts during live incidents — log analysis, triage, pattern recognition

  • 6-8 years of hands-on experience in penetration testing, red teaming, exploit development, vulnerability research, bug bounty hunting, or equivalent demonstrated work.

  • Practical familiarity with tools such as Burp Suite or Caido, Nmap, ffuf, Nuclei, sqlmap, Metasploit, Wireshark, Semgrep, CodeQL, BloodHound, Impacket, cloud security tooling, and Linux-based offensive workflows.

  • A track record of finding real vulnerabilities: CVEs, public advisories, bug bounty credits, responsible disclosures, internal high-impact findings, or open-source offensive/security tooling.

  • Strong scripting/programming ability (Python preferred; C/C++/Go a plus) to build or modify exploits and tooling rapidly, even under tight timelines

  • Strong cloud and infrastructure security fundamentals across at least one major cloud provider, with practical understanding of IAM abuse, logging, and secrets management.

  • Familiarity with the MITRE ATT&CK framework and ability to map findings to known adversary tactics

  • Ability to reason through attack chains end to end: reconnaissance, initial access, privilege escalation, persistence where in scope, lateral movement, data access/exfiltration, impact analysis, reporting, remediation, and retest.

  • Experience working at a cybersecurity-native company, security consultancy, or a tech company with a mature internal red team

  • Excellent written and verbal communication skills — ability to explain complex attack chains clearly to both engineers and non-technical stakeholders

  • OSCP or equivalent practical certification is a strong plus

Nice to Have

~1 min read

  • Experience with cloud-native attack surfaces (GCP/AWS/Azure)

  • Experience securing or attacking AI/ML, LLM, RAG, multi-agent, or agentic workflow systems, including OWASP Top 10 for LLM Applications and emerging AI red-team practices.

  • Exposure to incident response or SIEM, threat hunting, forensics

  • Active participation in bug bounty, CTFs, security research, conference talks, open-source security tools, or responsible disclosure communities.

  • Familiarity with AI/ML system attack surfaces (prompt injection, confused sub-agents etc.) — emerging but increasingly relevant

 
  1. 🤝 Collaborative Humans: Prioritizing collective intelligence

  2. 🚀 Fearless Innovators: Turning obstacles into growth opportunities

  3. 💪 Persistent, Passionate Developers: Thriving on complex, long-term challenges

  4. 🎯 Impact-Driven Creators: Crafting intuitive tools for developers

  5. 🧠 Rapid Learners and Un-learners: Adapting quickly in our fast-paced technological world

 

What We Offer

~1 min read
Work on cutting-edge technology with real-world impact
Collaborative and innovative environment
Competitive salary, equity, and benefits
Professional development opportunities

Location & Eligibility

Where is the job
Bangalore, India
On-site at the office
Who can apply
IN

Listing Details

Posted
June 17, 2026
First seen
June 17, 2026
Last seen
July 10, 2026

Posting Health

Days active
0
Repost count
0
Trust Level
52%
Scored at
June 17, 2026

Signal breakdown

freshnesssource trustcontent trustemployer trust
Newsletter

Stay ahead of the market

Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.

A
B
C
D
Join 12,000+ marketers

No spam. Unsubscribe at any time.

coderabbitSecurity Engineer