Job Description
Company Description
VipraTech Labs is a forward-thinking technology startup specializing in end-to-end product development, security, automation, and AI-driven workflows. The company builds complete solutions, from backend to frontend, with a focus on secure, testable, and scalable code. VipraTech designs and delivers efficient products and tools while prioritizing automation of operations and AI-enhanced innovation. The team is committed to working closely with startups across regions such as NZ, AUS, SEA, Middle East, EU, and the US, offering personalized, hands-on partnership with a focus on accountability and ROI. VipraTech also invests in nurturing talent, particularly in core development, AI, and cybersecurity.
Role Description
As a Security Engineer – Python (AppSec Tooling & Integrations) you will turn security research and real-world testing needs into reliable, reusable Python automation. You’ll build scripts/services/CLIs that automate checks, parse results, and publish normalized findings; wrap third-party scanners and APIs behind clean adapters; and package everything into Dockerized jobs that run predictably in CI/CD and our backend pipelines. You will collaborate closely with the team to convert techniques into low-false-positive tooling, add logging/metrics, and document usage so others can operate your work without hand-holding. The role is hands-on and delivery-focused: small PRs, clear acceptance criteria, scope discipline, and readable code with tests and docstrings. You’ll participate in design/code reviews, improve reliability/performance, and help evolve our starter kits and internal libraries. This is an onsite, Kota position with a strong learning culture—expect fast feedback, weekly demos, and growth toward owning modules and mentoring juniors.
What you’ll do
- Build Python scripts, services, and CLI tools to automate security checks, data collection, and reporting.
- Integrate external tools (scanners/APIs/CLIs) into Dockerized workflows; write Python adapters/wrappers for consistent I/O.
- Develop parsers/matchers to turn raw outputs (HTTP/JSON/HTML/logs) into normalized findings and lightweight reports.
- Orchestrate jobs (scheduling, retries, parallel runs); add logging/metrics and basic error handling.
- Contribute to secure, maintainable code: small PRs, unit tests, docstrings/READMEs, and simple design notes.
- Collaborate with security researchers/engineers to translate techniques into repeatable, low-false-positive automation.
- Support CI/CD by adding linters/tests and packaging your code for reliable, reproducible runs.
- Participate in code reviews; suggest improvements in performance, reliability, and security hygiene.
Qualifications
Must-have
- Python proficiency: solid fundamentals (data structures, OOP, typing), HTTP clients (requests/httpx), parsing (BeautifulSoup/lxml/json/regex), CLI tooling (argparse/click), packaging/virtualenv/Poetry.
- Web & protocols: HTTP/HTTPS basics, cookies/sessions, headers/CORS, REST/JSON, simple auth flows (tokens/Basic).
- Security foundations: OWASP Top 10 concepts (XSS/SSRF/SQLi/Auth/IDOR), input validation/encoding, least privilege, secrets handling, logging for security.
- Tooling & automation: Linux shell, Docker (build, multi-stage, compose), Git/GitHub flow, write Python wrappers/adapters around external tools/APIs.
- Quality & reliability: unit tests/pytest, reproducible runs, basic error handling/retries, docstrings/README, small PR discipline.
- Collaboration: clear written communication, comfort with ticketing (Jira/Linear), code reviews, following acceptance criteria and scope.
Good-to-have
- Security tools exposure: Burp Suite (extensions/Intruder), Nmap/NSE, one of ZAP/Semgrep/Trivy/Bandit, secrets scanners.
- Concurrency & performance: asyncio/threading/process pools; batching, back-pressure; basic profiling.
- Data & stores: SQLite/Postgres basics, Redis/queues for job orchestration.
- CI/CD basics: linters (ruff/flake8), formatters (black), simple GitHub Actions or similar.
- Framework awareness: basic Django/FastAPI (routes, deps, auth), simple service endpoints.
- Cloud familiarity: fundamentals on any one cloud (AWS/Azure/GCP)—IAM basics, container run, logs/metrics.
- Networking: ports/protocols, DNS/HTTP debugging, TLS/mitm basics (Burp/mitmproxy).
- Security mindset: threat modeling lite, reducing false positives, safe handling of test payloads; responsible disclosure etiquette.
- Plus points: prior bug-bounty write-ups/tools, CTFs, open-source contributions; relevant certs (eJPT, PNPT, OSCP, CEH) are a bonus—not mandatory.
Education/Experience
- Bachelor’s in CS/IT or equivalent or strong portfolio/GitHub demonstrating Python tooling.
- 0–2 years for entry/junior; we value proof of work over years.