Lead Security Engineer - Application Security

**Technology @Dream11:**Technology is at the core of everything we do. Our technology team helps us deliver a mobile-first experience across platforms (Android & iOS) while managing over 700 million rpm (requests per minute) at peak with a user concurrency of over 16.5 million.
At Dream11, we have over 190+ micro-services written in Java and backed by a Vert.x framework. These work with isolated product features with discrete architectures to cater to the respective use cases. We work with terabytes of data, the infrastructure for which is built on top of Kafka, Redshift, Spark, Druid, etc. and it powers a number of use cases like Machine Learning and Predictive Analytics. Our tech stack is hosted on AWS, with distributed systems like Cassandra, Aerospike, Akka, Voltdb, Ignite, etc.
We don’t just create for the users of today, but are driven to innovate for the sports fans of tomorrow. If you like to build with clean, resilient, and scalable code, this is the place for you. Check out some of our recent developments, all built with the same philosophy in mind. Your Role:

• Embed security across the SDLC by working closely with development, DevOps, and product teams.
• Lead secure architecture/design reviews and perform deep-dive assessments for web and mobile apps.
• Conduct manual and automated vulnerability testing, including penetration tests.
• Promote secure coding and threat modeling through training and best practice guidance.
• Build and automate security tools/workflows, ideally using GenAI.
• Support incident response efforts for application-layer threats, and plan relevant short/long-term remediations

Qualifiers:

• 7+ years in AppSec, with 4+ years in mobile/web security testing and secure code reviews.
• Participation in bug bounty programs, CTFs, or open-source security projects.
• Strong knowledge of OWASP Top 10, SANS 25, and scalable mitigation strategies.
• Skilled in at least one language (e.g., Python, Java, Golang), with experience in building security automation, custom tools, or guardrails.
• Familiarity with WAFs, SIEM/log analytics solutions, and incident response workflows.