Senior Security Engineer

External

Anaplan · Gurugram, India

Full-timeOn-siteToday

AWSCI/CDComplianceGCPLeadershipPenetration Testing

Cover Letter Connect

Prepare for this interview

Elite

AI-generated questions, company research, and talking points tailored to this role

About the role

As a Senior Offensive Security Engineer , you will lead offensive security efforts and own Anaplan's vulnerability management programme. This is a dual-scope role: you'll drive adversarial testing to find what's broken, and you'll run the process that ensures vulnerabilities-from your own assessments, scanners, bug bounty, and third-party audits-are tracked, prioritised, and remediated at the right pace. You'll mentor the Offensive Security Engineer and serve as a technical authority across product and platform teams. Individual Contributor Focus Operates independently on complex offensive engagements and vulnerability management decisions, setting scope and priority without close supervision. Communicates risk and remediation trade-offs to cross-functional stakeholders at the project and product-line level, influencing engineering roadmaps where security debt is material. Mentors the Offensive Security Engineer and security champions across engineering, but carries no direct people management responsibility.

Responsibilities

Offensive Security

Advanced Penetration Testing & Red Teaming: Lead complex, multi-phase penetration tests and red team exercises against Anaplan's platform, cloud infrastructure, and AI-powered products. Define engagement scope, rules of engagement, and success criteria.

Threat Modelling & Attack Path Analysis: Conduct adversarial threat modelling for new features and architectural changes, identifying realistic attack chains that inform both offensive testing and defensive controls.

Offensive Tooling & Capability Development: Build and maintain reusable offensive tooling, automation frameworks, and testing methodologies that scale with the platform's evolution.

Mentorship & Technical Leadership: Guide the Offensive Security Engineer on methodology, scoping, and report quality. Raise the bar on how offensive findings translate into engineering action.

Vulnerability Management

Programme Ownership: Own the end-to-end vulnerability management lifecycle: intake from scanners, penetration tests, bug bounty, and third-party audits; triage and risk-rating; assignment to responsible teams; tracking through to verified remediation.

Prioritisation & Risk Calibration: Apply consistent, risk-based prioritisation that accounts for exploitability, blast radius, data sensitivity, and business context-not just CVSS scores.

Metrics & Reporting: Define and maintain vulnerability management metrics (mean time to remediate, ageing, SLA compliance) and report trends to security leadership and engineering stakeholders.

Process Improvement: Continuously improve the vulnerability management workflow: reduce noise, improve scanner accuracy, tighten integration with CI/CD and ticketing systems, and make it easier for engineering teams to act on findings.

Cross-Cutting

Incident Support: Support major security incident investigations with offensive expertise-reproducing attack paths, validating exposure scope, and advising on containment.

Stakeholder Communication: Present findings, risk assessments, and programme health to engineering leads, product managers, and security leadership with clarity and appropriate urgency.

Senior Security Engineer

About the role

Responsibilities

Requirements

Benefits

Additional Information

Your Match

Company Intel

What employees say

Interested in this role?