Senior Manager - Security Assurance
Job Description
The CoinDCX Journey: Building the Future of Finance:
At CoinDCX, our mission is clear - to make crypto and blockchain accessible to every Indian and enable them to participate in the future of finance.
As India’s first crypto unicorn valued at $2.45B, we are reshaping the financial ecosystem by building safe, transparent, and scalable products that power adoption at scale.
We believe that change starts together. It begins with bold ideas, relentless execution and people who want to build what’s next.
If you’re driven by purpose and thrive in environments where your work defines the next chapter of an industry, you’ll feel right at home here.
Inside CoinDCX’s Security Team
Our Security team is responsible for safeguarding CoinDCX’s digital assets, systems, and data from potential threats. We work across applications, infrastructure, and operational security to proactively identify risks, implement strong security controls, and ensure compliance with industry standards. If you’re a tech-savvy problem solver with a passion for Security, join us in keeping CoinDCX’s operations running smoothly and securely.
What You’ll Do:
Security Testing & Assurance Leadership
- Lead the Security Assurance function, focusing on technical security testing and validation.
- Define and implement the enterprise security testing strategy.
- Establish testing coverage across applications, APIs, infrastructure, cloud, and mobile platforms.
- Build scalable processes for continuous security testing across development pipelines and lifecycle.
Application & API Security Testing
- Oversee SAST, SCA, DAST, and manual penetration testing activities.
- Conduct and manage web, mobile, and API security assessments.
- Validate security controls within the software development lifecycle (SDLC).
- Partner with engineering teams to ensure secure coding practices and vulnerability remediation.
Infrastructure & Cloud Security Testing
- Conduct infrastructure penetration testing across internal and external environments.
- Validate security posture of our AWS cloud platform including misconfigurations, IAM risks, and exposure.
- Lead container and Kubernetes security testing.
- Validate security architecture through technical attack simulations.
Offensive Security & Red Teaming
- Plan and execute red team / adversary simulation exercises.
- Conduct threat-led penetration testing targeting high-risk systems.
- Identify systemic security weaknesses and provide strategic remediation guidance.
Security Tooling & Automation
- Implement and manage security testing tools for SAST, SCA, DAST, container security scanning, and infrastructure scanning.
- Coordinate with the DevOps team to integrate security testing into CI/CD pipelines.
- Drive adoption of automated security testing and continuous assurance across engineering teams.
Vulnerability Management & Remediation
- Validate vulnerabilities identified through scanners and testing activities.
- Prioritize remediation based on risk and exploitability.
- Track remediation SLAs with engineering teams.
- Provide technical guidance on vulnerability fixes.
Vendor & External Testing Management
- Manage external penetration testing vendors and bug bounty programs.
- Validate quality and coverage of external testing engagements.
- Ensure findings are triaged, verified, and remediated effectively.
Metrics, Reporting & Governance
- Develop security assurance metrics, including:
  - Vulnerability discovery trends
  - Time to remediation
  - Security testing coverage
  - Security debt
- Provide regular reporting to security leadership and risk committees.
You’ll Excel in This Role If You have:
Experience
- 6–10 years of experience in cybersecurity with a strong focus on security testing and offensive security.
- Experience leading security assurance / application security teams.
- Proven experience in penetration testing, vulnerability assessment, or red teaming.
Technical Expertise
Strong understanding of:
- Application Security
  - OWASP Top 10
  - API security (OWASP API Top 10)
  - Secure SDLC
- Infrastructure Security
  - Network security testing
  - Active Directory attack paths
  - Linux/Windows security
- Cloud Security
  - AWS / GCP / Azure security architecture
  - Kubernetes and container security
  - Cloud misconfiguration testing
Tools & Technologies
Experience with tools such as:
- Burp Suite
- Metasploit
- OWASP ZAP
- Snyk / SCA tools
- Container security scanners
- Cloud security posture tools
Hiring Process:
Here’s what your journey with us looks like:
- Application Review – We assess for skills, alignment, and intent
- Recruiter Connect – A short conversation to understand you better
- Functional Round(s) – Deep dive into your approach, craft, and problem-solving
- Assignment / Simulation Round – A take-home task or live problem-solving exercise to understand how you think and execute in real scenarios
- Culture & Values Discussion – A conversation to understand our ways of working and how you thrive best
- Founder Conversation (Optional) – For certain roles and senior levels, you may meet our founders to explore strategic alignment and long-term fit
Where We Work:
We believe the best ideas emerge when people build together. Collaboration, speed and trust come alive when teams share the same space.
With this belief, we operate as a work-from-office organisation. This role is based out of our Bengaluru office, where energy, alignment and innovation move in real time.
Perks That Empower You:
We believe great people deserve great experiences.
- Design Your Own Benefits: Flexible perks to match your lifestyle
- Unlimited Wellness Leaves: Rest and recharge as you need
- Mental Wellness Support: Access to therapy and wellness resources
- Learning Sessions: Bi-weekly learning and growth opportunities
Ready to Build What’s Next?
If you’re looking for a role that gives you direct access to high-stakes decisions, deep impact and a chance to build the future of finance, this is it.
Join CoinDCX and help us make crypto accessible to every Indian, together.