Security Engineer
Raise the bar for Security Engineering at Frappe by improving code and infra that powers thousands of sites.

What you will be working on

  • Triaging, patching and disclosing issues reported by community researchers and our third-party security consultants.
  • You will be primarily working on securing the following Frappe products:
    • Frappe Framework (Our low-code web framework)
    • Frappe Cloud (Our infrastructure/platform)
    • ERPNext (Our flagship product)
    • Frappe HR
    • And other products in collaboration with product owners.
  • Continuous code audits and pentesting for discovering and preventing security vulnerabilities.
  • Ensuring compliance with ISO 27000 and working towards future compliance needs (like SOC 2)

What we are looking for

  • Someone with strong technical knowledge in Python, SQL and JavaScript.
  • 2-3 years of experience in the field of web development.
  • You should be passionate about deeply understanding how things work and how to make them better.
  • You should love tinkering and poking holes in systems.
  • Ability to discover AND patch SQLi, XSS, command-injection, authentication and authorization/ACL flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).
  • Strong communication and collaboration skills to work with other Frappe engineers and external stakeholders.
  • Prior code audit experience is a big plus. We are a 100% open-source company, so you'll be inspecting code much more than doing black-box pen-testing.
  • Prior exposure to security engineering will be a huge plus but it's not a mandatory requirement.

Salary Range

  • This is a mid-level position.
  • The salary range for this position is INR 14-18 LPA.

Back to open positions