Senior Security Engineer

At Anaplan we are a team of innovators focused on optimizing business decision-making through our leading AI-infused scenario planning and analysis platform so our customers can outpace their competition and the market.

What unites Anaplanners across teams and geographies is our collective commitment to our customers success and to our Winning Culture.

Our customers rank among the whos who in the Fortune 50. Coca-Cola LinkedIn Adobe LVMH and Bayer are just a few of the 2400 global companies who rely on our best-in-class platform.

Our Winning Culture is the engine that drives our teams of innovators. We champion diversity of thought and ideas we behave like leaders regardless of title we are committed to achieving ambitious goals and we love celebrating our wins big and small.

Supported by operating principles of being strategy-led values-based and disciplined in execution youll be inspired connected developed and rewarded here. Everything that makes you unique is welcome; join us and lets build whats next - together!

Senior Offensive Security Engineer

About the Role

As a Senior Offensive Security Engineer you will lead offensive security efforts and own Anaplans vulnerability management programme. This is a dual-scope role: youll drive adversarial testing to find whats broken and youll run the process that ensures vulnerabilitiesfrom your own assessments scanners bug bounty and third-party auditsare tracked prioritised and remediated at the right pace. Youll mentor the Offensive Security Engineer and serve as a technical authority across product and platform teams.

Individual Contributor Focus

• Operates independently on complex offensive engagements and vulnerability management decisions setting scope and priority without close supervision.
• Communicates risk and remediation trade-offs to cross-functional stakeholders at the project and product-line level influencing engineering roadmaps where security debt is material.
• Mentors the Offensive Security Engineer and security champions across engineering but carries no direct people management responsibility.

Responsibilities

Offensive Security

• Advanced Penetration Testing & Red Teaming: Lead complex multi-phase penetration tests and red team exercises against Anaplans platform cloud infrastructure and AI-powered products. Define engagement scope rules of engagement and success criteria.
• Threat Modelling & Attack Path Analysis: Conduct adversarial threat modelling for new features and architectural changes identifying realistic attack chains that inform both offensive testing and defensive controls.
• Offensive Tooling & Capability Development: Build and maintain reusable offensive tooling automation frameworks and testing methodologies that scale with the platforms evolution.
• Mentorship & Technical Leadership: Guide the Offensive Security Engineer on methodology scoping and report quality. Raise the bar on how offensive findings translate into engineering action.

Vulnerability Management

• Programme Ownership: Own the end-to-end vulnerability management lifecycle: intake from scanners penetration tests bug bounty and third-party audits; triage and risk-rating; assignment to responsible teams; tracking through to verified remediation.
• Prioritisation & Risk Calibration: Apply consistent risk-based prioritisation that accounts for exploitability blast radius data sensitivity and business contextnot just CVSS scores.
• Metrics & Reporting: Define and maintain vulnerability management metrics (mean time to remediate ageing SLA compliance) and report trends to security leadership and engineering stakeholders.
• Process Improvement: Continuously improve the vulnerability management workflow: reduce noise improve scanner accuracy tighten integration with CI/CD and ticketing systems and make it easier for engineering teams to act on findings.

Cross-Cutting

• Incident Support: Support major security incident investigations with offensive expertisereproducing attack paths validating exposure scope and advising on containment.
• Stakeholder Communication: Present findings risk assessments and programme health to engineering leads product managers and security leadership with clarity and appropriate urgency.

Qualifications

• Experience: 5 years in offensive security penetration testing or a combination of offensive security and vulnerability management with increasing scope and independence.
• Offensive Depth: Proven ability to find and exploit non-trivial vulnerabilities in web applications APIs cloud infrastructure or enterprise SaaS platforms. Comfortable building custom exploits and tooling.
• Vulnerability Management: Experience designing or running a vulnerability management programmetriage workflows SLA frameworks scanner tuning and remediation trackingat meaningful scale.
• Cloud & Infrastructure: Strong working knowledge of at least one major cloud provider (AWS GCP or Azure) including cloud-native attack surfaces IAM misconfigurations and container/orchestration security.
• Technical Communication: Able to write penetration test reports that engineers respect present risk trade-offs to non-security stakeholders and influence remediation timelines without formal authority.
• Judgement: Demonstrated ability to prioritise across competing risksbalancing offensive testing coverage vulnerability backlog and engineering capacity without defaulting to everything is critical.

Nice to Have

• Experience testing AI/ML-powered features or pipelines for security weaknesses.
• Track record of improving vulnerability management metrics (MTTR SLA adherence backlog reduction) in a product or platform engineering context.
• Offensive security certifications such as OSCP OSWE OSCE CRTO or GXPN.
• Contributions to open-source offensive tooling published vulnerability research or conference presentations.
• Experience with supply-chain security assessment (dependency analysis build pipeline integrity SBOM).

Working Model

This role is on-site at our New Delhi India office. You will report to the Senior Manager Product Security.

Our Commitment to Diversity Equity Inclusionand Belonging (DEIB)

We believe attracting and retaining the best talent and fostering an inclusive culture strengthens our business. DEIB improves our workforce enhances trust with our partners and customers and drives business success. Build your career in a place where diversity equity inclusion and belonging arent just words on paper this is what drives our innovation its how we connect and it contributes to what makes us a market leader. We believe in a hiring and working environment where all people are respected and valued regardless of gender identity or expression sexual orientation religion ethnicity age neurodiversity disability status citizenship or any other aspect which makes people unique. We hire you for who you are and we want you to bring your authentic self to work every day!

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process perform essential job functions and receive equitable benefits and all privileges of employment. Please contact us to request accommodation.

Fraud Recruitment Disclaimer

It has come to our attention that fraudulent and fictitious job opportunities are being circulated on the Internet. Prospective candidates are being contacted by certain individuals mainly through telephone calls emails and correspondence claiming they are representatives of Anaplan. The main purpose of these correspondences and announcements is to obtain privileged information from individuals.

Anaplan does not:

• Extend offers to candidates without an extensive interview process with a member of our recruitment team and a hiring manager via video or in person.
• Send job offers via email. All offers are first extended verbally by a member of our internal recruitment team whenever possible and then followed up via written communication.

All emails from Anaplan would come from an @ email address. Should you have any doubts about the authenticity of an email letter or telephone communication purportedly from for or on behalf of Anaplan please send an email to before taking any further action in relation to the correspondence.