What are the responsibilities and job description for the Senior Security Engineer position at Sonata Software?
Sonata Software Overview
In today's market, there is a unique duality in technology adoption. On one side, extreme focus on cost containment by clients, and on the other, deep motivation to modernize their Digital storefronts to attract more consumers and B2B customers.
As a leading Modernization Engineering company, we aim to deliver modernization-driven hypergrowth for our clients based on the deep differentiation we have created in Modernization Engineering, powered by our Lightening suite and 16-step Platformation™ playbook. In addition, we bring agility and systems thinking to accelerate time to market for our clients.
Headquartered in Bengaluru, India, Sonata has a strong global presence, including key regions in the US, UK, Europe, APAC, and ANZ. We are a trusted partner of world-leading companies in BFSI (Banking, Financial Services, and Insurance), HLS (Healthcare and Lifesciences), TMT (Telecom, Media, and Technology), Retail & CPG, and Manufacturing space. Our bouquet of Modernization Engineering Services cuts across Cloud, Data, Dynamics, Contact Centers, and around newer technologies like Generative AI, MS Fabric, and other modernization platforms.
Job Title: Security Engineer – Pentesting
Location: San Jose, CA (5 days Onsite) – Need Locals
Role summary
We are seeking a highly skilled Security Engineer specializing in Penetration Testing to strengthen our o ensive security capabilities. This role is responsible for identifying vulnerabilities across applications, infrastructure, cloud environments, and emerging AI/ML systems, including Large Language Models (LLMs) and GenAI platforms. The ideal candidate combines deep technical pentesting expertise with hands-on experience in AI security, enabling proactive defense against sophisticated and evolving threats.
Key Responsibilities:
Application & API Security Testing
- Perform black-box, gray-box, and white-box penetration testing of:
- Web applications, APIs (REST/GraphQL), and mobile platforms
• Identify vulnerabilities including:
- Authentication/authorization flaws
- Injection attacks
- Business logic vulnerabilities
- Session Management
- Information Gathering
- Data Validation, Governance and Transfer
- Configuration Management
• Conduct secure code reviews and validate SAST/DAST findings
Infrastructure & Network Penetration Testing
• Execute penetration testing across:
- Enterprise networks (internal/external)
- Cloud platforms (AWS, Azure, GCP)
- Hybrid environments
• Perform:
- Privilege escalation and lateral movement
- Active Directory assessments (Kerberos, NTLM, etc.)
• Identify misconfigurations and control weaknesses
AI/ML & GenAI Security Testing
• Conduct security assessments on:
- LLM-based applications and AI copilots
- Machine learning models and pipelines
• Perform:
- Prompt injection and jailbreak testing
- Data leakage and model abuse scenarios
- Adversarial ML attacks (evasion, poisoning)
• Assess:
- RAG (Retrieval-Augmented Generation) pipelines
- Model APIs, plugins, and agent frameworks
- E ectiveness of AI guardrails and controls
Red Teaming & Adversary Simulation
• Simulate real-world attack scenarios across:
- Applications, infrastructure, and AI systems
• Develop multi-stage attack chains combining:
- Traditional and AI-specific techniques
• Support purple team exercises with SOC and detection teams
Automation & AI-Driven Security Testing
• Leverage AI tools to:
- Automate vulnerability discovery
- Generate test cases and attack payloads
- Develop custom tools/scripts using:
- Python, Bash, PowerShell, or Go
• Enhance scalability and repeatability of pentesting processes
Reporting & Stakeholder Engagement
• Deliver:
- Executive-level summaries (CIO/CISO ready)
- Detailed technical reports with reproduction steps
• Provide:
- Risk-based prioritization aligned to business impact
- Actionable remediation guide
• Collaborate with:
- Engineering, Cloud, SOC, and DevOps teams
Required Qualifications
Experience
• 5 years in penetration testing, red teaming, or o ensive security
• Proven experience testing:
- Web applications, APIs, and infrastructure
• Hands-on exposure to cloud security and enterprise environments
Technical Skills
• Strong knowledge of:
- OWASP Top 10 / API Top 10
- OWASP Top 10 LLM
- Network and infrastructure pentesting
- Identity and Active Directory exploitation
• Experience with tools such as:
- Burp Suite, Metasploit, Nmap
- BloodHound, Mimikatz, Nessus
AI Security
• Understanding of:
- LLM architectures and GenAI use cases
- RAG pipelines, embeddings, and vector databases
• Experience with:
- Prompt injection testing
- AI red teaming or model security assessments
• Exposure to:
- LangChain, Semantic Kernel, or similar frameworks
Programming
• Proficiency in:
- Python (required)
- Scripting (Bash/PowerShell)
• Ability to develop:
- Custom testing tools and exploit scripts
Preferred Qualifications
• Certifications:
- OSCP, OSEP, or OSCE
- GPEN, GWAPT, or CRTO
- Cloud security certifications (AWS/Azure)
• Experience with:
- AI security research or tooling
- Bug bounty programs or red team operations
Key Competencies
- Strong attacker mindset and creative problem solving
- Ability to translate technical findings into business risk
- Excellent collaboration across engineering and security teams
- Focus on scalable, repeatable security processes
Why join Sonata Software?
At Sonata, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build never seen before solutions to some of the world’s toughest problems. You´ll be challenged, but you will not be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next.
Sonata Software is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, national origin, gender identity, age, religion, disability, sexual orientation, veteran status, marital status, or any other characteristics protected by law.