Location : Bangalore; (Full Time, Onsite)

Battle-tested in 350+ deployments across 30+ countries, Locus is an agentic Transportation Management System for all-mile, all-channel, trusted by enterprises like Unilever, Nestlé, and Siam Makro. 

The platform unifies orders, capacity, and carrier networks into one living plan, aligning planning, execution, and settlement so promises become proof. AI co-pilots with guardrails surface risk early and recommend the next best move to protect SLAs and reduce empty miles.

 In 2025, Locus joined the Ingka Group (IKEA Retail) family, marking a major milestone in our journey. Backed by the scale and strength of IKEA, we continue to operate independently while accelerating our mission to make global supply chains faster, smarter, and more sustainable.

Since 2015, Locus has been on a mission to make logistics decision-making intelligent, sustainable, and real-world ready. Our platform has powered billions of deliveries across 30 + countries for global enterprises, driving measurable impact in cost savings, carbon reduction, and SLA performance. With the strength of the IKEA ecosystem behind us, we’re scaling that impact even further.

Headquartered in Bangalore, with teams across the U.S., U.K., UAE, and Southeast Asia, Locus brings together 170 + engineers, designers, and problem-solvers united by a single goal: to reinvent how the world moves goods.

We look for people who are:

• Global in mindset: curious about diverse markets and ideas.

  
  

• Unrelenting in drive: energized by complex challenges.

  
  

• Intelligent in approach: analytical, creative, and thoughtful.

  
  

• Dynamic in execution: adaptive and decisive in fast-moving contexts.

  
  

• Exact in craft: detail-oriented and committed to excellence.

  
  

We are looking for a Senior Security Engineer to own and drive our security engineering programme across cloud and infrastructure security, DevSecOps, and detection engineering. You will work on a next-generation multi-tenant SaaS running on Kubernetes, served to enterprise clients across multiple regions. Beyond the platforms, Locus operates a suite of AI-agent products in production, adding a modern and growing attack surface that this role will actively help secure.

This is a hands-on senior IC role with broad scope. You will work closely with engineering and DevOps teams, set technical direction for security across the organisation, and operate with a high degree of autonomy. Minimum 5 years of experience in a multi-domain security engineering role is required.

• Lead threat modeling and security design reviews for cloud infrastructure, multi-tenant application architectures, and AI-agent systems — integrating security from the design stage, not as an afterthought.

  
  

• Own cloud security posture across AWS and Kubernetes — enforce IAM least-privilege, harden cluster security (pod security standards, network policies, admission controls), manage secrets hygiene, and drive compliance with cloud security benchmarks.

  
  

• Drive DevSecOps security controls across CI/CD pipelines, including SAST, DAST, SCA, secrets scanning, container image scanning, and IaC security — as enforcing gates, not advisory checks.

  
  

• Own and harden supply-chain security: dependency and base image governance, build provenance controls, branch protection enforcement, and ensuring every new repository inherits security gates from creation.

  
  

• Design, implement, and continuously improve security detections across cloud, runtime, and endpoint layers — author detection rules, tune alerts, reduce false-positive rates, and build towards proactive threat hunting.

  
  

• Own the vulnerability management process end-to-end — triage findings from multiple scanner sources using risk-based prioritisation, drive SLA adherence with engineering teams, and report risk posture to leadership.

  
  

• Build and own incident response capability — define and maintain response playbooks, run tabletop exercises on realistic scenarios, instrument detection-to-containment metrics, and ensure significant incidents close with written RCAs.

  
  

• Conduct security assessments of cloud configurations, API surfaces, and multi-tenant authorization boundaries — identify architectural weaknesses and drive remediation to closure.

  
  

• Review and assess the security posture of AI-agent products in production, covering prompt-injection risks, data isolation, tool-boundary abuse, and SSRF exposure — aligned to OWASP LLM Top-10 and MITRE ATLAS.

  
  

• Develop and maintain custom tooling, scripts, and automation to scale security coverage and reduce manual effort — agentic triage workflows, detection automation, and purpose-built scanners.

  
  

• Champion secure-by-design practices across engineering — run security reviews at project intake, translate risk into developer-friendly guidance, and maintain a security culture grounded in 'complexity is the enemy of security.'