Senior Security Engineer II

Careem


Date: 6 hours ago
City: Karachi
Contract type: Full time

Careem is building the Everything App for the greater Middle East — making it easy to move around, order food and groceries, manage payments, and more. Our purpose is simple: to simplify and improve people's lives and build an awesome organisation that inspires.
Since 2012, Careem has enabled earnings for over 2.5 million Captains, simplified the lives of more than 70 million customers, and built a platform where the region's best talent and entrepreneurs thrive. We operate in 70+ cities across 10 countries, from Morocco to Pakistan.

We're now entering our next chapter — one powered by AI. We're looking for AI talent: curious problem-solvers who know how to apply AI to build tools, automate workflows, and create real impact. Whether it's streamlining operations, enhancing customer experience, or reimagining internal systems — we want people who can make Careem work smarter and move faster.

About the Role

We are looking for a Senior Security Engineer II to join our Security Engineering team. This is a hands-on, high-ownership role for someone who thrives at the intersection of cloud security, infrastructure hardening, and agentic/AI security. You'll be expected to independently drive security initiatives across a large-scale, multi-vertical tech organization - not just advise, but build, ship, and operate.

What You'll Do
Cloud & Infrastructure Security
  • Own and drive cloud security posture across AWS environments (EC2, EBS, IAM, GuardDuty, Bottlerocket, Beanstalk) including enforcement of encryption-by-default, golden AMI pipelines, and auto-remediation frameworks.
  • Build and maintain hardened golden images; manage CVE patching pipelines and track fleet-wide vulnerability remediation health.
  • Own KSPM (Kubernetes Security Posture Management) and CSPM controls; lead contingency planning and incident response for infrastructure-level vulnerabilities.
  • Report on server hardening KPIs, vulnerability patching health, and compliant network security controls for executive/compliance audiences.
Edge & Network Security (Cloudflare)
  • Manage SSL/TLS certificate health, TLS version enforcement, and bot traffic analysis across production domains.
  • Analyze and respond to anomalies, bot vs human traffic breakdowns, DDoS patterns, firewall rule tuning.
  • Investigate CDN misconfigurations and drive root-cause analysis and mitigation for HackerOne-reported issues.
DDoS Simulation & Resilience Testing
  • Lead and operate DDoS simulation tooling (e.g., Kratos) across business verticals in collaboration with QA and SRE teams.
  • Integrate simulation platforms into internal developer portals with built-in auth, audit workflows, and approval controls.
Agentic AI & MCP Security
  • Conduct security reviews for agentic AI systems, MCP servers, and n8n automation workflows covering agent permissions, tool usage, OAuth/JWT auth, and SSRF/injection risks.
  • Publish security guidelines for agentic AI deployments; build automated tooling to assess agent/workflow security at scale.
  • Present security architecture proposals (e.g., AWS SSO for agentic identity) to Architecture Review Boards.
Security Reviews & Threat Modelling
  • Conduct infrastructure threat modelling and security assessment reports across product verticals (Remittance, Pay, Food, Groceries, DineOut, AppEngine, etc.).
  • Drive RFC, PRD, and code security reviews with strong security reasoning and written communication.
  • Review secrets management approaches, enforce environment separation (dev vs prod controls).
Infrastructure as Code & Automation
  • Contribute to IaC-based security baselining repositories; build auto-remediation proof-of-concepts that can scale across dozens of AWS accounts
  • Use agentic AI tooling to automate infrastructure security operations accelerating gap identification and response.

What You'll Need:
  • 8-10 years of hands-on security engineering experience in a cloud-native environment.
  • Deep expertise in AWS security (IAM, GuardDuty, EBS encryption, EC2/Beanstalk hardening, Bottlerocket, Secrets Manager).
  • Strong working knowledge of Kubernetes security (KSPM, container escape risks, runtime detection).
  • Hands-on experience with Cloudflare (WAF, bot management, SSL/TLS, custom rules, traffic analytics).
  • Proven track record of owning vulnerability management programs, patching pipelines, SLA tracking, KPI reporting.
  • Experience with DDoS simulation/resilience testing and cross-functional coordination with SRE and QA.
  • Familiarity with agentic AI and MCP server security ,SSRF, prompt injection, OAuth/JWT flows, tool permission scoping,
  • Experience building or reviewing n8n / workflow automation from a security perspective.
  • Strong communication & presentation skills
  • Strong cross functional and collaboration skills.
  • A high-ownership builder mindset, with a proven ability to drive complex initiatives independently from conception to completion
  • Familiarity with Infrastructure as Code (Terraform/CDK), Endpoint Security (CrowdStrike), HackerOne bug bounty triage, and application security tooling (Snyk/SonarQube) is a strong plus.

What We'll Provide You

We offer colleagues the opportunity to drive impact in the region while they learn and grow. As a full time Careem colleague, you will be able to:

  • Work and learn from great minds by joining a community of inspiring colleagues.
  • Put your passion to work in a purposeful organization dedicated to creating impact in a region with a lot of untapped potential.
  • Explore new opportunities to learn and grow every day.
  • Work 4 days a week in office & 1 day from home, and remotely from any country in the world for 30 days a year with unlimited vacation days per year. (If you are in an individual contributor role in tech, you will have 2 office days a week and 3 to work from home.)
  • Access to healthcare benefits and fitness reimbursements for health activities including gym, health club, and training classes.

How to apply

To apply for this job you need to authorize on our website. If you don't have an account yet, please register.

Post a resume

Similar jobs

SDET- Securiti.ai

Veeam Software, Karachi
21 hours ago
Veeam is the Data and AI Trust Company, specializing in helping organizations ensure their data and AI are fully understood, secured, and resilient to enable the acceleration of safe AI at scale. As the market leader in both data resilience and data security posture management, Veeam is built for the convergence of identity, data, security, and AI risk. Headquartered in...

Product Manager (AI Products) - Morning/Afternoon Shift

10Pearls, Karachi
2 days ago
Company Overview: 10Pearls is a global, purpose-driven AI-Native digital engineering partner helping businesses re-imagine, ‎digitalize, and accelerate. As an end-to-end digital technology partner, 10Pearls helps businesses create future-proof, ‎transformative ‎digital products that leverage emerging technologies. ‎10Pearls' clients ‎include Global 2000 enterprises, high growth mid-size ‎businesses, and some of the most exciting ‎start-ups from industries like healthcare, fintech, ‎energy, education, ‎real...

Senior Manager Technology - Middleware

10Pearls, Karachi
4 days ago
Company Overview 10Pearls is an award-winning end-to-end digital innovation company that helps businesses imagine and build the future. We are proud to announce that 10Pearls was named as winner of the Best Tech Work Culture Timmy Award in Washington DC by Tech in Motion, recognized on the Inc. 5000 Fastest-Growing Companies List, and was ranked the #1 Most Diverse Midsize...