Lead Security Engineer
KGEN
Company Description
KGeN is building VeriFi, the world’s largest Verified Distribution Protocol, which aims to accelerate business growth on a strong foundation of real users. Founded by global leaders in the consumer and gaming industries, KGeN has become a dominant player in the Global South, serving over 31.6 million consumers and boasting more than 6.2 million monthly active users. Supported by 200+ revenue partnerships across AI, DeFi, and Gaming projects, KGeN achieved an annualized revenue of over $30.6 million by June 2025, showcasing the strength and scalability of its protocol. The company's proprietary identity and reputation framework, POGE, leverages 707 million+ attributes for unparalleled user insights.
Role Description
This is a full-time, on-site role located in the Greater Bengaluru Area for a Lead Security Engineer. The Lead Security Engineer will be responsible for ensuring the security of applications, networks, and systems. Tasks include designing and implementing security measures, conducting vulnerability assessments, and developing security best practices. The engineer will also stay up to date on the latest cybersecurity threats and manage information security policies across the organization.
What You'll Do
- Security Strategy & Architecture: Develop, execute, and lead the security roadmap. Design secure architectures and implement "security by design" principles for all systems and applications.
- Cloud & Infrastructure Security: Secure our AWS/GCP cloud environments, including IAM, network segmentation, container security, and serverless. Implement and manage security controls for core infrastructure, networks, and endpoints (firewalls, IDS/IPS, EDR).
- Application Security: Establish and champion the Secure SDLC. Conduct SAST/DAST, threat modeling, and code reviews. Manage application vulnerabilities.
- Vulnerability & Incident Management: Lead vulnerability assessments, penetration testing, and bug bounty programs. Act as the primary lead for security incidents, from response planning to post-mortem analysis.
- Risk & Compliance: Identify, assess, and mitigate risks. Ensure adherence to standards (ISO 27001, SOC 2, PCI DSS) and data privacy regulations.
- Automation & Culture: Automate security processes (DevSecOps) and foster a strong security-aware culture through training and communication.
What We're Looking For
- Experience: 5+ years in security engineering, with 2+ years in a senior role, ideally in a fast-paced environment.
- Technical Expertise: Deep expertise across Cloud, Application, Infrastructure, and Network security. Hands-on experience with AWS or GCP.
- Secure Development: Strong understanding of secure coding principles and extensive experience with vulnerabilities (OWASP Top 10).
- Tools: Proficiency with common pen-testing tools like Burp Suite, Nmap, and Metasploit. Experience with packet analysis (Wireshark) and password crackers (John the Ripper). Familiarity with Kali Linux.
- Soft Skills: Proven Incident Response and investigation experience. Proficiency in a scripting language (Python, Bash). Excellent problem-solving, autonomy, and communication skills to engage with both technical and non-technical stakeholders.
Bonus Points
- Experience in a highly regulated industry (e.g., FinTech, Healthcare).
- Experience with Web3/Blockchain security or smart contract auditing.
- Relevant security certifications (e.g., CISSP, CISM, OSCP).
- Experience building or mentoring a security team.
📩 Interested? Share your CV with us at apurva@kgen.io