Staff Security Engineer

Accepting applications

Quince · Bengaluru, Karnataka, India

Full-Time · Senior · AI · Python · SOC · mentor
Estimated market salary
₹17-31 LPA

This is a SiliconBoard market estimate, not an employer-posted salary.

Posted: 5d ago
Category: Manufacturing
Experience: Senior
Country: India

ABOUT QUINCE

Founded in 2018, Quince was built to challenge the idea that nice things have to cost a lot. Our mission is simple: to make really high quality essentials for really low prices, produced fairly and sustainably. We believe everyone deserves exceptional craftsmanship and timeless design without the traditional markups. Quince is a direct-to-consumer (DTC) model that cuts out middlemen and leverages just-in-time manufacturing to minimize waste and maximize value.

Quince is a tech company disrupting the retail industry by putting AI, analytics and automation at the center of everything we do. Our unwavering commitment to excellence and company values guide our teams and actions:

Customer First: We prioritize customer satisfaction in every decision.
High Quality: True quality means premium materials and rigorous production standards you can feel good about.
Essential Design: We focus on timeless, functional essentials instead of chasing trends.
Always a Better Deal: Innovation and transparency ensure value for both customers and partners.
Social & Environmental Responsibility: We commit to sustainable materials, ethical production, and fair wages.

Quince partners with world-class manufacturers across the globe and serves millions of customers. With strong investor backing and a focus on sustainable growth, we are a company that is rapidly scaling while maintaining a commitment to quality, simplicity, and radical price transparency.

OUR TEAM AND SUCCESS

At Quince, you will be part of a high-performing team that is redefining what quality, value, and sustainability mean in modern retail. We are a destination for builders, innovators, and operators to come together and challenge the status quo. Our collective ambition is bold. We are creating an entirely new category and customer experience – one that democratizes luxury and provides high quality products at radically low prices. That mission demands a world-class team committed to excellence.

If you are motivated by impact, growth, and purpose, you will find a strong sense of belonging at Quince.

THE ROLE

Staff Security Engineer

We’re looking for a Staff Security Engineer to join our growing Security team. In this role, you will drive security strategy and execution across Quince’s product, cloud, infrastructure, and enterprise environments. You will operate as a senior technical leader, combining deep hands-on security engineering expertise with architectural influence to build scalable security programs and systems. You will partner closely with engineering, product, legal, compliance, and business teams to embed security throughout the software development lifecycle, strengthen our cloud and enterprise security posture, and continuously improve our detection and response capabilities. Success in this role means proactively reducing risk, building security capabilities that scale with the business, and driving a culture where security is treated as a core engineering responsibility. You will serve as a technical mentor, influence engineering decisions across teams, and help shape the future of security at Quince.

Responsibilities

Security Architecture & Engineering

Lead security architecture reviews and provide guidance on the design of new systems, services, and product features
Review product requirements, technical designs, and implementation plans to embed security early in the development lifecycle
Design and build security tooling, automation frameworks, and scalable security services
Drive secure-by-design principles and security engineering best practices across the organization
Define security standards, patterns, and architectural guardrails for engineering teams

Application & Product Security

Own and evolve the application security program, including SAST, DAST, SCA, and CI/CD security controls
Conduct vulnerability assessments and penetration testing across web, API, and mobile platforms
Partner with engineering teams to identify, prioritize, and remediate security risks
Manage security reviews and release sign-offs based on risk assessments
Conduct vendor security assessments and oversee remediation activities for identified findings
Perform third-party integration and API security reviews

Cloud, Infrastructure & Data Security

Define and enforce cloud security standards across AWS environments
Drive initiatives around identity management, network security, secrets management, logging, and infrastructure hardening
Secure CI/CD pipelines and development infrastructure
Lead data protection initiatives, including DLP controls across SaaS platforms, endpoints, and cloud environments
Drive zero-trust architecture, access management, and infrastructure security improvements

Threat Detection, Incident Response & Offensive Security

Lead security incident response investigations, containment, remediation, and root cause analysis efforts
Build and optimize detections across SIEM, EDR, cloud security, and enterprise security platforms
Conduct proactive threat hunting across cloud, endpoint, and SaaS environments
Lead red team exercises, adversary simulations, and security validation initiatives
Improve security visibility, detection coverage, and response effectiveness across the organization

Enterprise Security & Identity

Oversee endpoint security, device management, and enterprise security controls
Drive identity and access management initiatives across platforms such as Okta and Google Workspace
Monitor and respond to phishing attacks, account compromise attempts, and insider threat indicators
Establish scalable security controls for workforce and enterprise systems

Governance, Risk & Compliance

Partner with compliance and legal teams to support programs such as SOC 2, ISO 27001, GDPR, and other regulatory requirements
Drive security risk assessments and privacy reviews across products and business processes
Ensure security controls align with business objectives, compliance requirements, and industry best practices
Support audit readiness and continuous improvement of security governance processes

Qualifications

7+ years of experience in security engineering, application security, cloud security, or related technical security disciplines
Strong hands-on expertise across multiple security domains including Application Security, Cloud Security, Detection & Response, and Infrastructure Security
Experience conducting vulnerability assessments and penetration testing across web, API, and mobile applications
Deep knowledge of security testing technologies including SAST, DAST, SCA, and CI/CD security tooling
Strong experience securing cloud environments (AWS preferred)
Experience with EDR, DLP, SIEM, and threat detection technologies, including platforms such as CrowdStrike
Deep understanding of threat modeling, secure architecture design, and modern attack techniques
Experience leading architecture reviews and influencing engineering decisions at scale
Strong programming or scripting skills using Python, Go, or similar languages
Excellent communication skills with the ability to communicate technical risks to both engineering teams and senior leadership
Proven ability to lead complex security initiatives and influence cross-functional stakeholders

Preferred:

Experience in e-commerce, retail technology, or large-scale consumer platforms
Background in red teaming, adversary emulation, or offensive security operations
Experience with Infrastructure-as-Code and policy-as-code technologies such as Terraform and OPA
Familiarity with enterprise security platforms including Google Workspace, Okta, and DLP solutions
Experience building internal security tooling and automation frameworks
Security certifications such as OSCP, OSWE, CISSP, CCSP, or equivalent practical experience
Experience operating in high-growth, cloud-native engineering organizations

What Success looks like:

Security is embedded into engineering workflows and product development processes by default
Strong application, cloud, and enterprise security posture with measurable risk reduction over time
Scalable security tooling, automation, and detection capabilities that improve operational efficiency
Reduced incident impact through proactive detection, response, and threat hunting capabilities
High adoption of secure engineering practices across product and infrastructure teams
A strong security culture driven by technical leadership, collaboration, and continuous improvement across the organization

WHY QUINCE?

Joining Quince means being part of a mission-driven team reshaping retail. You will work alongside talented colleagues, tackle meaningful challenges, and contribute to building a more sustainable, accessible future for customers and partners alike.

EQUAL OPPORTUNITY & HIRING INTEGRITY

Quince provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran or military status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

Quince is committed to providing reasonable accommodations to qualified individuals with disabilities. If you need a reasonable accommodation to complete your application or to perform the essential functions of a role at Quince, please let us know by completing this accommodation form. We review all requests individually and will work with you to determine appropriate accommodations on a case-by-case basis.

Employment is contingent upon successful completion of a background check. Quince will conduct background checks in compliance with applicable federal, state, and local laws.

Security Advisory: Beware of Frauds

At Quince, we're dedicated to recruiting top talent who share our drive for innovation. To safeguard candidates, Quince emphasizes legitimate recruitment practices. Initial communication is primarily via official Quince email addresses and LinkedIn; beware of deviations. Personal data and sensitive information will not be solicited during the application phase. Interviews are conducted via phone, in person, or through the approved platforms Google Meets or Zoom—never via messaging apps or other calling services. Offers are merit-based, communicated verbally, and followed up in writing. If personal information is requested to initiate the hiring process, rest assured it will be through secure and protected means.