Senior Security Engineer

Razorpay

Greater Bengaluru Area

Description

We are hiring an AI Engineer who will build agentic systems and AI-driven automation for our security and infrastructure functions. The ideal candidate is AI native first, fluent in LLMs, agent frameworks, and prompt/context engineering with working knowledge of security and a strong grasp of infra/deployment. This is not a traditional security engineering role. We want someone who thinks in terms of agents, tools, and orchestration and who can ship AI systems that operate against real production infrastructure. Reports into Security/Platform leadership; collaborates with SecOps, CloudSec, AppSec, and SRE teams.

Responsibilities:

  • Agentic security workflows: multi-agent systems (planner-executor, orchestrator-subagent) for IR triage, threat hunting, alert correlation, and compliance evidence collection.
  • MCP servers and clients that wrap internal tools (SentinelOne, Zscaler, AWS APIs, Active Directory, Jamf, Semgrep, etc.) so agents can act on production systems.
  • AI-driven infra automation: agents that deploy, configure, and remediate Kubernetes workloads, IAM policies, network rules, and cloud resources.
  • LLM-powered detection and response pipelines: log summarization, anomaly explanation, runbook execution, and automated containment with human-in-the-loop guardrails.
  • Evals, guardrails, and safety layers for production AI systems handling sensitive data.
  • Internal AI platform: gateways, model routing, prompt registries, and observability for LLM use across the org.

AI Engineering:

  • Hands-on experience building production systems with Claude (Anthropic API), OpenAI, or equivalent frontier LLMs, not just chatbot demos.
  • Strong prompt engineering and context engineering: understand tool-use loops, structured outputs, evals, and failure modes.
  • Built at least one agentic system end-to-end: planner-executor, ReAct, orchestrator-subagent, or similar.
  • Experience with MCP (Model Context Protocol): has built MCP servers/clients or equivalent tool-wrapping abstractions.
  • Comfort with agent frameworks like Claude Agent SDK, LangGraph, AutoGen, CrewAI, or custom orchestration.
  • Working knowledge of local inference (Ollama, LM Studio, vLLM, llama.cpp) and proxy layers like LiteLLM.
  • Familiarity with fine-tuning, RAG, and embeddings; knows when to reach for each.
  • Has shipped at least one AI system that took real actions on real systems (not read-only analysis).

Infra and Deployment:

  • Strong Kubernetes chops: has deployed and operated workloads on EKS/GKE/AKS, written Helm charts or Kustomize, and debugged pod/networking/RBAC issues.
  • AWS or GCP depth in IAM, VPC, networking, secrets, and observability.
  • Infrastructure as Code: Terraform, Pulumi, or CDK.
  • CI/CD: GitHub Actions, ArgoCD, or similar; understands deployment patterns (blue-green and canary).
  • Comfortable making agents drive infra changes; knows the difference between "agent suggests a Terraform plan" and "agent applies it," and knows how to gate the latter safely.
  • Container security basics: image scanning, Pod Security Standards, and admission controllers.

The core requirements for the job include the following:

Nice-to-Have: Security Knowledge (Add-on)

  • Familiarity with at least one of the following: SIEM/XDR (SentinelOne, Splunk), SAST/DAST (Semgrep, Burp), CSPM (Wiz, Prowler), or DLP/SSE (Zscaler).
  • Awareness of OWASP Top 10 for LLMs, prompt injection, jailbreaks, and data exfil via LLMs.
  • Conceptual understanding of compliance regimes (PCI DSS, ISO 27001, SOC 2, RBI, DPDP), enough to know what "evidence" means.
  • Threat modeling fundamentals (STRIDE) and MITRE ATT&CK literacy.
  • Note: We are not looking for a CISSP profile. Security knowledge is an add-on; AI engineering and infra are the primary bar.

Expectations:

  • Builder, not just a researcher: ships systems, not just notebooks.
  • Pragmatic about AI: knows what LLMs are bad at and designs around it (deterministic fallbacks, validators, human-in-the-loop).
  • Safety-aware: thinks about prompt injection, tool abuse, and blast radius before an agent gets sudo.
  • Comfortable with ambiguity: this space changes monthly; you should enjoy that.