We are hiring a Security Engineer with strong experience in application security, cloud security, and offensive security testing. This is a hands-on role covering both security assessment and remediation support, working closely with engineering and DevOps teams.

Core Responsibilities:
* Black-box, grey-box, and white-box security testing (including source code review)
* Identify vulnerabilities in monolith and microservices architectures
* Detect business logic flaws, race conditions, and authorization bypass issues
* Perform threat modeling using MITRE ATT&CK (lateral movement, privilege escalation, data exfiltration paths)
* Azure security hardening (Entra ID, RBAC, Managed Identities, Service Principals, Conditional Access)
* Kubernetes / AKS container security assessments
* CI/CD security review (Azure DevOps pipelines)
* Infrastructure-as-Code (Terraform / Bicep) security auditing
* Microsoft 365 security review (SharePoint, Teams, Power Platform, Shadow IT)
* Manual security testing using Burp Suite, Postman, and custom PoCs
* Provide remediation guidance and code-level fixes (C#, Java, Python, Go)
* Validate fixes through structured retesting and regression analysis

Nice to Have:
* Binary / memory corruption analysis (legacy systems)
* Experience with enterprise endpoint security (EDR/Defender/AppLocker/WDAC)
* DevSecOps pipeline integration experience

Requirements:
* Strong understanding of web, cloud, and distributed systems security
* Ability to think like an attacker and translate findings into engineering fixes
* Comfortable working directly with developers and SRE teams
* Strong Azure ecosystem experience preferred

Compensation:
- NPR 40L – 120L per annum (based on experience and skill level)
- Remote (Nepal)
- Full-time