Job Title: Senior Engineer — AI Systems & Product Security
Location: Remote (India)
Reports To: CISO

The Role
At Scrut, this is an engineering role first, and a security role second. We are looking for a Senior IC who will own product security across our entire platform. You will be the first person at the company to architect the security framework for AI agents that handle sensitive enterprise compliance data. You won't just be reading about the OWASP LLM Top 10; you’ll be the one translating emerging research into production-grade controls.
This is a high-autonomy role. You aren’t inheriting a legacy program—you are building it.

What You’ll Own
1. Product & Application Security
  • Lead threat modeling for new features (API design, data handling) with a focus on AI workflows and multi-tenant isolation.
  • Conduct security code reviews as an integrated part of the engineering lifecycle.
  • Build and maintain automated security tooling (SAST, SCA, Secret Scanning) within our CI/CD pipelines.
  • Own the end-to-end vulnerability management program and manage our Bug Bounty program: scoping, validation, root cause analysis, bounty awards, and hacker community relationships.
2. AI & Agentic System Security
  • Define the security architecture for our AI agent layer, including sandboxing, output validation, and data boundary enforcement.
  • Model and test for AI-specific threats: prompt injection, indirect instruction hijacking, and RAG pipeline vulnerabilities.
  • Translate emerging research (OWASP LLM Top 10, MITRE ATLAS, current academic work) into practical controls for a production SaaS product.
  • Evaluate and harden third-party LLM APIs, vector database integrations, and RAG pipeline components against known attack patterns.
3. Developer Security Culture
  • Create security standards and design patterns that allow engineers to "self-serve" security decisions.
  • Partner with the GRC team to turn engineering excellence into audit evidence (SOC 2, ISO 27001).

Who You Are
A strong application will look like: a GitHub with security tooling, CTF writeups, or open-source contributions; an X/Twitter feed full of AI security researchers; and a track record of building things to automate security processes that used to require manual effort. You are actively optimizing your Claude Code/Codex/Cursor setup.

Requirements
  • 5+ years in application security, product security, or software engineering with a deep security focus — not SecOps, not compliance, not network security
  • Strong proficiency in coding agents; comfortable reading and reviewing code across languages without being handed a spec
  • Direct hands-on experience with cloud security: IAM, storage policy, secrets management, network controls (AWS preferred)
  • Experience applying threat modeling methodologies (STRIDE, PASTA, or similar) to real production systems — not as a formality, as a genuine engineering input
  • Familiarity with AI/ML security risks — you’ve reviewed or tested LLM integrations, RAG pipelines, or agentic systems in a real environment
  • Experience integrating DAST, SAST, SCA tooling into CI/CD pipelines and making the output actionable for product engineers

What we offer:
  • Opportunity to make an impact on one of the most promising, global high-growth SaaS startups based in India
  • Flat hierarchy, performance-driven culture
  • Rapid growth and learning opportunities
  • Comprehensive medical insurance coverage
  • A high-performing action-oriented team
  • Competitive package, benefits, and employee-friendly work culture

About Scrut
Scrut Automation is a global leader in Governance, Risk, and Compliance (GRC). Our mission is to help modern enterprises move beyond simple checklists to build a security-first culture. We provide a single, intelligent platform that helps companies achieve and maintain compliance for standards like SOC 2, ISO 27001, and HIPAA, while also proactively managing risk.
We are a high-growth, remote-first company with a strong focus on collaboration, ownership, and customer obsession. We believe in building a team of smart, motivated builders who are passionate about solving complex problems for our customers.

Note: Due to a high volume of applications, only the shortlisted candidates will be contacted by the HR team. We appreciate your interest and effort.

Required Skills

Product Security, Coding Agents, Software Engineering