Job Description

MicrosoftPune
Posted On
11 Dec 2025
End Date
31 Dec 2025
Required Experience
5 - 7 Years



Basic Section
Grade





Role


Senior Software Engineer


Employment Type


Full Time


Employee Category



Organisational
Group Company


NewVision


Company Name


New Vision Softcom & Consultancy Pvt. Ltd


Function


Business Units (BU)


Department/Practice


Microsoft


Organization Unit


Application Development


Region


APAC


Country


India


Base Office Location


Pune


Working Model


Hybrid


Weekly Off


Pune Office Standard


State


Maharashtra




Skills
Skill


REACT JS


NODE JS


SECURITY ANALYST


POSTGRE SQL


WEB APPLICATION SECURITY


CLOUD AWS


CLOUD AZURE


Highest Education


POST GRADUATE


GRADUATION/EQUIVALENT COURSE


CERTIFICATION


No data available


Working Language


ENGLISH



Responsibilities

AI / LLM Red Teaming

Design and execute

adversarial testing

campaigns against LLM- and AI-powered features (prompt injection, jailbreaks, data exfiltration, indirect prompt attacks, model misuse, etc.). Develop structured

attack playbooks

for common AI threat scenarios (e.g., sensitive data leakage, model-enabled fraud, output manipulation). Build internal tools/scripts for

automating LLM red teaming

(prompt generators, fuzzers, scenario simulators). Analyze model and application behavior to identify

unsafe outputs, policy bypasses, and security gaps

, and propose mitigations.

Application & API Security

Review and harden

Next.js/React frontends

and

Node/Next.js APIs

for: Authentication & authorization flaws (IDOR, broken access control)


Injection risks (SQLi, NoSQLi, XSS, SSRF, template injection)


Insecure file, token, and secret handling



Perform

threat modeling

across our architecture: LLM providers, vector stores, web app, background workers, and data pipelines.


Collaborate with engineering to implement

defensive controls

(rate limiting, abuse detection, content filtering, input/output validation, logging & monitoring).

Secure Full-Stack Development

Contribute hands-on code to our

React / Next.js / Postgres

stack, especially where security-critical. Implement

secure-by-default

patterns: role-based access control, safe DB query patterns, secret management, secure session handling.

Build internal tools & dashboards that help visualize and track: Security findings and red team results


Risk across services and environments

Process & Culture

Partner with product, ML, and platform teams to

bake security into the SDLC

(design reviews, code review standards, CI/CD checks). Help define and refine

security policies, playbooks, and incident response

protocols. Educate engineers on

AI-specific security risks

and modern web app security best practices.

Must Have Skills

3-7+ years of experience as a Security Engineer, Red Teamer, Application Security Engineer, or similar, with strong coding skills.


Solid full-stack engineering experience:


Frontend: React (hooks, state management, best practices)


Web framework: Next.js (SSR/SSG, routing, API routes, middleware)


Backend: Node.js / TypeScript or JavaScript


Database: Postgres (schema design, migrations, query optimization, ORMs)


Hands-on experience with web application security, including:


OWASP Top 10 (Injection, XSS, Broken Auth, IDOR, etc.)


API security and secure session / token management (JWT, OAuth, etc.)


Practical experience doing at least one of:


Penetration testing / red teaming of web apps or APIs


Security-focused code review for production systems


Experience with cloud environments (AWS / GCP / Azure) and secure configuration basics (IAM, secrets, networking, logging).



Strong familiarity with security tools (e.g., Burp Suite, ZAP, SAST/DAST tools, dependency scanners).


Excellent ability to explain security issues clearly to non-security engineers and work collaboratively on fixes.


Skills required:


Frontend: React, Next.js, TypeScript


Backend: Node.js / Next.js server, REST/GraphQL APIs


Database: Postgres (+ possibly pgvector or similar)


AI: LLM providers (e.g., OpenAI, Anthropic, etc.), model gateways, prompt orchestration


Infra: [AWS/GCP/Azure - customize], Docker, CI/CD pipelines


Security: SAST/DAST tools, dependency scanners, log aggregators, SIEM, and custom red team tooling