Senior Security Engineer II
About the role
Careem is building the Everything App for the greater Middle East — making it easy to move around, order food and groceries, manage payments, and more. Our purpose is simple: to simplify and improve people’s lives and build an awesome organisation that inspires.
5 million Captains, simplified the lives of more than 70 million customers, and built a platform where the region’s best talent and entrepreneurs thrive. We operate in 70+ cities across 10 countries, from Morocco to Pakistan.
We’re now entering our next chapter — one powered by AI. We’re looking for AI talent: curious problem-solvers who know how to apply AI to build tools, automate workflows, and create real impact. Whether it’s streamlining operations, enhancing customer experience, or reimagining internal systems — we want people who can make Careem work smarter and move faster.
About the Role
We are looking for a Senior Security Engineer II to join our Security Engineering team. This is a hands-on, high-ownership role for someone who thrives at the intersection of cloud security, infrastructure hardening, and agentic/AI security. You'll be expected to independently drive security initiatives across a large-scale, multi-vertical tech organization - not just advise, but build, ship, and operate.
What You'll Do
Cloud & Infrastructure Security
- Own and drive cloud security posture across AWS environments (EC2, EBS, IAM, GuardDuty, Bottlerocket, Beanstalk) including enforcement of encryption-by-default, golden AMI pipelines, and auto-remediation frameworks.
- Build and maintain hardened golden images; manage CVE patching pipelines and track fleet-wide vulnerability remediation health.
- Own KSPM (Kubernetes Security Posture Management) and CSPM controls; lead contingency planning and incident response for infrastructure-level vulnerabilities.
- Report on server hardening KPIs, vulnerability patching health, and compliant network security controls for executive/compliance audiences.
Edge & Network Security (Cloudflare)
- Manage SSL/TLS certificate health, TLS version enforcement, and bot traffic analysis across production domains.
- Analyze and respond to anomalies, bot vs human traffic breakdowns, DDoS patterns, firewall rule tuning.
- Investigate CDN misconfigurations and drive root-cause analysis and mitigation for HackerOne-reported issues.
DDoS Simulation & Resilience Testing
- Lead and operate DDoS simulation tooling (e.g., Kratos) across business verticals in collaboration with QA and SRE teams.
- Integrate simulation platforms into internal developer portals with built-in auth, audit workflows, and approval controls.
Agentic AI & MCP Security
- Conduct security reviews for agentic AI systems, MCP servers, and n8n automation workflows covering agent permissions, tool usage, OAuth/JWT auth, and SSRF/injection risks.
- Publish security guidelines for agentic AI deployments; build automated tooling to assess agent/workflow security at scale.
- Present security architecture proposals (e.g., AWS SSO for agentic identity) to Architecture Review Boards.
Security Reviews & Threat Modelling
- Conduct infrastructure threat modelling and security assessment reports across product verticals (Remittance, Pay, Food, Groceries, DineOut, AppEngine, etc.).
- Drive RFC, PRD, and code security reviews with strong security reasoning and written communication.
- Review secrets management approaches, enforce environment separation (dev vs prod controls).
Infrastructure as Code & Automation
- Contribute to IaC-based security baselining repositories; build auto-remediation proof-of-concepts that can scale across dozens of AWS accounts
- Use agentic AI tooling to automate infrastructure security operations accelerating gap identification and response.
What You'll Need
- 8-10 years of hands-on security engineering experience in a cloud-native environment.
- Deep expertise in AWS security (IAM, GuardDuty, EBS encryption, EC2/Beanstalk hardening, Bottlerocket, Secrets Manager).
- Strong working knowledge of Kubernetes security (KSPM, container escape risks, runtime detection).
- Hands-on experience with Cloudflare (WAF, bot management, SSL/TLS, custom rules, traffic analytics).
- Proven track record of owning vulnerability management programs, patching pipelines, SLA tracking, KPI reporting.
- Experience with DDoS simulation/resilience testing and cross-functional coordination with SRE and QA.
- Familiarity with agentic AI and MCP server security ,SSRF, prompt injection, OAuth/JWT flows, tool permission scoping,
- Experience building or reviewing n8n / workflow automation from a security perspective.
- Strong communication & presentation skills
- Strong cross functional and collaboration skills.
- A high-ownership builder mindset, with a proven ability to drive complex initiatives independently from conception to completion
- Familiarity with Infrastructure as Code (Terraform/CDK), Endpoint Security (CrowdStrike), HackerOne bug bounty triage, and application security tooling (Snyk/SonarQube) is a strong plus.
What We’ll Provide You
We offer colleagues the opportunity to drive impact in the region while they learn and grow. As a full time Careem colleague, you will be able to
- Work and learn from great minds by joining a community of inspiring colleagues.
- Put your passion to work in a purposeful organization dedicated to creating impact in a region with a lot of untapped potential.
- Explore new opportunities to learn and grow every day.
- Work 4 days a week in office & 1 day from home, and remotely from any country in the world for 30 days a year with unlimited vacation days per year. (If you are in an individual contributor role in tech, you will have 2 office days a week and 3 to work from home.)
- Access to healthcare benefits and fitness reimbursements for health activities including gym, health club, and training classes.