Austin · Texas, USA
14:18CST
Careers
Find what the world missed.
We build offensive security from research to revenue.
Pentesters publish CVEs. Engineers build BugDazz Autonomous. Engagement leads scope the work. Sales names the threat. Operations keeps researchers in flight. Every role ends in the same artifact: an exploit, a patch, a receipt.
The work —
What you would actually do.
Six disciplines, one proof chain — research to retest, exploit to patch, sale to renewal.
- Research
Find what others miss.
Reverse-engineer software no one else looked at this year. Chain primitives into working exploits. Publish CVEs that name us. Researchers chained CVE-2024-3400 three weeks before public disclosure — the day-one standard.
- Engineering
Ship BugDazz Autonomous.
Build BugDazz Autonomous — the pentest engine that runs web apps, APIs, and Active Directory on a customer-set schedule. Tools, infra, integrations, plumbing.
- Engagement
Scope before testing.
Run kickoffs with CISOs and platform leads. Translate findings into language regulators sign off on. Pruthvi and Munmun own this — calls, SOWs, the memo that goes to the board.
- Sales
Proof, not pitch decks.
Open conversations with security leads at fintechs, banks, healthcare, telecoms, SaaS. The buyers who want artifacts, not templated PDFs.
- Operations
Keep researchers in flight.
Equipment. Visas. Conference travel — DEF CON, Black Hat, OWASP, BSides. The work needs the room to happen.
- Customer success
Land remediation, not findings.
The report lands as work in the right team's queue. The retest passes. The next engagement is scoped before the renewal.
Open positions —
Roles open right now.
Live from our hiring portal. Apply opens the role on sechire.net — resume, scheduling, references handled there.
Department
Location
Mode
5 of 5 roles
Red Team Operator
Job Role - As part of our offensive security team, you’ll work with cutting-edge tools, innovative techniques, and an experienced team to challenge the status quo and strengthen the digital landscape.…
ApplySecurity Consultant
Pune, India
onsite · full-time
Security Consultant
We send a signal - “w00t w00t” whenever we find a critical vulnerability. Our vision brings the most talented & experienced security consultants in the industry & this right opportunity to grow professionally. We have a…
ApplySecurity Consultant
Pune
hybrid · full-time
Application Security Engineer
Role Overview: - We are looking for a skilled Application Security Specialist responsible for conducting web, API, and source code security assessments. The candidate should possess strong manual testing capabilities and…
ApplyGeneral
Thane/ Belapur
onsite · full-time
Associate Security Consultant
Requirement: • Minimum 1-3 years of experience in cybersecurity domain. • Candidate should have CVE IDs or Research Paper Submission on the National & International Conferences. • Candidate should have Bug Bounty or hall…
ApplyGeneral
Pune
hybrid · full-time
Enterprise Cybersecurity Sales
About the Role SecureLayer7 is expanding its BFSI cybersecurity vertical in 2026. We have been serving leading Banking & Financial Services organizations for the past 4 years and are now scaling aggressively. We are look…
ApplyGeneral
Mumbai
hybrid · full-time
Hiring process —
Five rounds. No surprises.
- 01
Screening
Thirty minutes. Why us, why now, what you have shipped. A pod lead listens more than they ask.
- 02
Track exercise
Original CTF for security · code review for engineering · scoping sim for engagement · discovery practice for sales. Two hours.
- 03
Discipline interview
Talk through your exercise with the team you would work alongside.
- 04
Cross-functional
Meet the adjacent team — the discipline-gap test.
- 05
Founders
Sandeep and leadership. Offer within five business days.
Median timeline: two weeks. Two-and-a-half for sales and engagement.
What you get —
Real comp. Real time to do the work.
Standard line items, written so you know what the offer actually means before you walk into the founders chat.
- Compensation
Set against the local market for the role.
Benchmarked to local market data, reviewed yearly. Equity for senior hires.
- Conference + training
DEF CON, Black Hat, OWASP, BSides — talks too.
Security track: DEF CON, Black Hat, OWASP, BSides — registration and travel covered. Engineering: pick the technical conferences. Other tracks: same per-head budget, your call on the event.
- Research time
A quarterly cadence, not a 20% project.
Pentesters get protected weeks each quarter for original research that ships as a CVE or a public writeup.
- Equipment
Whatever the work needs.
A working laptop. Lab hardware for IoT and hardware research. Replaced on the team's standard refresh cycle.
- Health + leave
We do not measure adults by attendance.
Medical, dental, vision in each office. Parental leave, PTO, sick leave on each office's local policy.
- Office or remote
Austin and Pune are real offices.
People show up. Specific roles are remote — that is noted on the role itself.
The offer letter spells every line out as a number or a policy reference.
Third-party signal —
What people who've worked here actually say.
Public, anonymous, third-party. Numbers come from Glassdoor's own dashboard for SecureLayer7.
4.7Glassdoor ratingACROSS 108 REVIEWS
- 93%Would recommendTO A FRIEND
- 4.6Work-life balanceIT INDUSTRY AVG 3.8
- 88%Positive outlookON THE BUSINESS, 12-MO
Where we work —
Two cities, one team.
Austin and Pune. Pentesters, researchers, and engagement leads work from both — local hires, local hours.
Pune · Maharashtra, India
00:48IST
On record —
The work earns its own credentials.
14 years of offensive research. Every claim backed by a live CVE or a proven exploit.
CREST
Accredited company + accredited testers
CERT-In
Empanelled auditor — India
SOC 2 Type II
AICPA Trust Services
ISO/IEC 27001
Information Security Management
Mapped to engagement requirements across
SOC 2 Type IIPCI DSSHIPAAISO 27001GDPRNIST CSFFedRAMPand others
FAQ —
Processquestions.
Show all 6 questionsShow less
Don't see your role? Tell us what you would build here. info@securelayer7.net