Senior Security Engineer

Gurugram, India

At Anaplan, we are a team of innovators focused on optimizing business decision-making through our leading AI-infused scenario planning and analysis platform so our customers can outpace their competition and the market.

What unites Anaplanners across teams and geographies is our collective commitment to our customers’ success and to our Winning Culture.

Our customers rank among the who’s who in the Fortune 50. Coca-Cola, LinkedIn, Adobe, LVMH and Bayer are just a few of the 2,400+ global companies who rely on our best-in-class platform.

Our Winning Culture is the engine that drives our teams of innovators. We champion diversity of thought and ideas, we behave like leaders regardless of title, we are committed to achieving ambitious goals, and we love celebrating our wins – big and small.

Supported by operating principles of being strategy-led, values-based and disciplined in execution, you’ll be inspired, connected, developed and rewarded here. Everything that makes you unique is welcome; join us and let’s build what’s next - together!

Senior Offensive Security Engineer

About the Role

As a Senior Offensive Security Engineer, you will lead offensive security efforts and own Anaplan’s vulnerability management programme. This is a dual-scope role: you’ll drive adversarial testing to find what’s broken, and you’ll run the process that ensures vulnerabilities—from your own assessments, scanners, bug bounty, and third-party audits—are tracked, prioritised, and remediated at the right pace. You’ll mentor the Offensive Security Engineer and serve as a technical authority across product and platform teams.

Individual Contributor Focus

  • Operates independently on complex offensive engagements and vulnerability management decisions, setting scope and priority without close supervision.
  • Communicates risk and remediation trade-offs to cross-functional stakeholders at the project and product-line level, influencing engineering roadmaps where security debt is material.
  • Mentors the Offensive Security Engineer and security champions across engineering, but carries no direct people management responsibility.

Responsibilities

Offensive Security

  • Advanced Penetration Testing & Red Teaming: Lead complex, multi-phase penetration tests and red team exercises against Anaplan’s platform, cloud infrastructure, and AI-powered products. Define engagement scope, rules of engagement, and success criteria.
  • Threat Modelling & Attack Path Analysis: Conduct adversarial threat modelling for new features and architectural changes, identifying realistic attack chains that inform both offensive testing and defensive controls.
  • Offensive Tooling & Capability Development: Build and maintain reusable offensive tooling, automation frameworks, and testing methodologies that scale with the platform’s evolution.
  • Mentorship & Technical Leadership: Guide the Offensive Security Engineer on methodology, scoping, and report quality. Raise the bar on how offensive findings translate into engineering action.

Vulnerability Management

  • Programme Ownership: Own the end-to-end vulnerability management lifecycle: intake from scanners, penetration tests, bug bounty, and third-party audits; triage and risk-rating; assignment to responsible teams; tracking through to verified remediation.
  • Prioritisation & Risk Calibration: Apply consistent, risk-based prioritisation that accounts for exploitability, blast radius, data sensitivity, and business context—not just CVSS scores.
  • Metrics & Reporting: Define and maintain vulnerability management metrics (mean time to remediate, ageing, SLA compliance) and report trends to security leadership and engineering stakeholders.
  • Process Improvement: Continuously improve the vulnerability management workflow: reduce noise, improve scanner accuracy, tighten integration with CI/CD and ticketing systems, and make it easier for engineering teams to act on findings.

Cross-Cutting

  • Incident Support: Support major security incident investigations with offensive expertise—reproducing attack paths, validating exposure scope, and advising on containment.
  • Stakeholder Communication: Present findings, risk assessments, and programme health to engineering leads, product managers, and security leadership with clarity and appropriate urgency.

Qualifications

  • Experience: 5+ years in offensive security, penetration testing, or a combination of offensive security and vulnerability management, with increasing scope and independence.
  • Offensive Depth: Proven ability to find and exploit non-trivial vulnerabilities in web applications, APIs, cloud infrastructure, or enterprise SaaS platforms. Comfortable building custom exploits and tooling.
  • Vulnerability Management: Experience designing or running a vulnerability management programme—triage workflows, SLA frameworks, scanner tuning, and remediation tracking—at meaningful scale.
  • Cloud & Infrastructure: Strong working knowledge of at least one major cloud provider (AWS, GCP, or Azure), including cloud-native attack surfaces, IAM misconfigurations, and container/orchestration security.
  • Technical Communication: Able to write penetration test reports that engineers respect, present risk trade-offs to non-security stakeholders, and influence remediation timelines without formal authority.
  • Judgement: Demonstrated ability to prioritise across competing risks—balancing offensive testing coverage, vulnerability backlog, and engineering capacity without defaulting to “everything is critical.”

Nice to Have

  • Experience testing AI/ML-powered features or pipelines for security weaknesses.
  • Track record of improving vulnerability management metrics (MTTR, SLA adherence, backlog reduction) in a product or platform engineering context.
  • Offensive security certifications such as OSCP, OSWE, OSCE, CRTO, or GXPN.
  • Contributions to open-source offensive tooling, published vulnerability research, or conference presentations.
  • Experience with supply-chain security assessment (dependency analysis, build pipeline integrity, SBOM).

Working Model

This role is on-site at our New Delhi, India office. You will report to the Senior Manager, Product Security.

Our Commitment to Diversity, Equity, Inclusion and Belonging (DEIB)

We believe attracting and retaining the best talent and fostering an inclusive culture strengthens our business. DEIB improves our workforce, enhances trust with our partners and customers, and drives business success. Build your career in a place where diversity, equity, inclusion and belonging aren’t just words on paper – this is what drives our innovation, it’s how we connect, and it contributes to what makes us a market leader. We believe in a hiring and working environment where all people are respected and valued, regardless of gender identity or expression, sexual orientation, religion, ethnicity, age, neurodiversity, disability status, citizenship, or any other aspect which makes people unique. We hire you for who you are, and we want you to bring your authentic self to work every day! 

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive equitable benefits and all privileges of employment. Please contact us to request accommodation.  

Fraud Recruitment Disclaimer  

It has come to our attention that fraudulent and fictitious job opportunities are being circulated on the Internet. Prospective candidates are being contacted by certain individuals, mainly through telephone calls, emails and correspondence, claiming they are representatives of Anaplan. The main purpose of these correspondences and announcements is to obtain privileged information from individuals.  

Anaplan does not:  

  • Extend offers to candidates without an extensive interview process with a member of our recruitment team and a hiring manager via video or in person.   
  • Send job offers via email. All offers are first extended verbally by a member of our internal recruitment team whenever possible and then followed up via written communication.  

All emails from Anaplan would come from an @anaplan.com email address. Should you have any doubts about the authenticity of an email, letter or telephone communication purportedly from, for, or on behalf of Anaplan, please send an email to people@anaplan.com before taking any further action in relation to the correspondence.   

 


Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Anaplan’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.


If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.