Security QA Engineer
Enago (Crimson Interactive)
Job Description
Security QA Engineer
About Company for Trinka
Company: Trinka
Department: Version-X
Role: Security QA Engineer
Location: Mumbai, India (On-site / Hybrid)
Type: Full-Time
Working Days: 5 days
About us: Crimson Interactive - https://www.crimsoni.com/
We are a technology-driven scientific communications & localization company. Crimson offers a robust ecosystem of services with cutting-edge AI and learning products for researchers, publishers, societies, universities, and government research bodies worldwide. With a global presence, including 9 international offices, we cater to the communication needs of the scientific community and corporates.
Crimson Enago flagship products
At Crimson Enago, we are laser-focused on building AI-powered tools and services that significantly boost the productivity of researchers and professionals. Every researcher or professional goes through the stages of knowledge discovery, knowledge acquisition, knowledge creation, and knowledge dissemination. However, each stage is cognitively heavy and tightly coupled with the others. To address this, we built our flagship product, Trinka.
About Trinka
Trinka (www.trinka.ai) is an AI-powered English grammar checker and language enhancement writing assistant designed for academic and technical writing. Built by linguists, scientists, and language lovers, Trinka finds and corrects thousands of complex writing errors — so you don’t have to. Trinka corrects contextual spelling mistakes and advanced grammar errors, enhances vocabulary usage, and provides writing suggestions in real time. Trinka goes beyond grammar to help professionals and academics ensure professional, concise, and engaging writing. With subject-specific correction, Trinka understands the nuances in the expression of each subject and ensures the writing is fit for the subject. Trinka's Enterprise solutions come with unlimited access to all of Trinka’s powerful capabilities and great customisation options.
About the team
We are a bunch of passionate researchers, engineers, and designers who came together to build a product that can revolutionise the way research-intensive projects are done. Reducing cognitive load and helping people convert information into knowledge is at the core of our mission. Our engineering team is building a scalable platform that deals with tons of data, AI processing over that data, and interactions of users from across the globe. We believe research plays a key role in making the world a better place, and we want to make it easy to approach and fun to do!
About the Role
We're hiring a Security QA Engineer to own the intersection of security and quality assurance across our platform. You'll build security testing practices, identify vulnerabilities, and work alongside engineering to close gaps before they reach production.
Responsibilities
- Design and execute security test plans: SAST, DAST, penetration testing, and vulnerability assessments
- Integrate security testing into CI/CD pipelines (shift-left security)
- Conduct threat modeling and risk assessments for new features and architecture changes
- Identify and track security vulnerabilities — from discovery to remediation
- Collaborate with developers to review code for security anti-patterns (injection, IDOR, auth flaws, etc.)
- Maintain security testing tools and frameworks (OWASP ZAP, Burp Suite, Trivy, Snyk, etc.)
- Assist in compliance audits: SOC 2, ISO 27001, VAPT reports, and India DPDP Act
- Document security findings, write detailed bug reports, and validate fixes
Requirements
- 4+ years in QA, with at least 2 years focused on application security
- Proficiency with security testing tools: Burp Suite, OWASP ZAP, Nessus, or equivalents
- Solid understanding of OWASP Top 10, CVEs, and common web/API vulnerabilities
- Experience with container security scanning (Docker, Kubernetes)
- Familiarity with CI/CD pipelines and how to embed security gates (GitHub Actions, GitLab CI)
- Working knowledge of cloud security concepts (IAM, VPCs, secrets management)
Nice to Have
- CEH, OSCP, or CompTIA Security+ certification
- Experience with bug bounty programs or red teaming
- Exposure to compliance frameworks: SOC 2, PCI-DSS, HIPAA, India DPDP Act