Principal Security Engineer/ Security Manager

✅ Key Responsibilities:

You will join the GRVT Site Reliability Engineering (SRE) team, which operates across three tightly integrated verticals:

• DevSecOps (cloud infrastructure, incident response, platform stability)

• Test Engineering (end-to-end testing, regression pipelines, feature assurance)

• Security Engineering (penetration testing, security advisory, security governance).

The organization has the mandate of ensuring the end-to-end reliability of the GRVT platform, protecting our product's reliability, correctness, and security.

This role is positioned within the Security vertical but works cross-functionally with the entire organization.

• Lead technical assurance activities across projects, including penetration testing, purple teaming, threat modeling, and architecture reviews—ensuring both new and existing systems maintain a high security baseline.

• Serve as the primary security expert within the SRE team, collaborating closely with Ops and QA Engineers and Wider Teams to designfi practical, high-impact controls that enhance platform security without compromising delivery velocity.

• Build automation and internal tooling for security visibility, posture monitoring, and enforcement (e.g., secret scanning, anomaly detection, automated test harnesses).

• Monitor, triage, and lead response efforts for security incidents, coordinating across SRE, and wider engineering teams.

• Establish and maintain security policies and controls aligned with both engineering best practices and regulatory obligations

• Educate and empower developers and engineers with actionable guidance, secure coding practices, and feedback cycles—reducing the likelihood of vulnerabilities during development.

👤 Experience & Skills Requirements:

• Strong Information Security (InfoSec) background (5 years+), with proven experience in application security across both traditional web stacks and blockchain-based systems.

• Expert knowledge of web application security, including deep familiarity with the OWASP Top 10, to assess and defend GRVT’s off-chain services against common web-based threats.

• Python proficiency - Experience building security engineering tools such as automated API security testers, custom static analyzers, or CI/CD-integrated scanners for secrets, misconfigurations, and insecure patterns.

• Proficiency in security testing tools, such as SAST (e.g., SonarQube, Checkmarx, GoSec), DAST (e.g., OWASP ZAP, Burp Suite).

• Demonstrated ability to quickly understand and analyze unfamiliar codebases, enabling effective secure code review across diverse systems—including web services, infrastructure components, and smart contracts.

• Experience conducting threat modelling exercises, or a strong grasp of threat modeling methodologies to evaluate project risk at the design and implementation levels.

• Smart contract auditing experience, with familiarity in identifying common vulnerabilities in decentralized applications and blockchain systems.

• Bug bounty programs experience, either as a seasoned researcher or by managing an organization’s program.

• Experience with Cloud infrastructure (e.g., AWS, GCP). Understanding of container security and DevSecOps principles, with practical experience integrating security into CI/CD pipelines.

🚀 Bonus Points:

• Familiarity with IT security frameworks such as SOC 2 and ISO 27001, and how to align technical controls to compliance objectives.

• Holds or actively pursues professional certifications such as OSCP, OSWE, CISSP, CDP, or CTMP.