Who are we?

We are Spyne, redefining how cars are marketed and sold with cutting-edge Generative AI. What started as a bold idea—using AI-powered visuals to help dealers sell online faster—has evolved into a full-fledged AI-first automotive retail ecosystem.
Backed by $16 M in Series A funding from Vertex Ventures, Accel, and other top investors, we're scaling fast:
✔ Expanded across the US & EU markets
✔ Launched industry-first AI-powered Image & 360° solutions
✔ Achieved a 5× revenue surge in 15 months, aiming for 3–4× growth this year
🚀 Know Our Journey
  • 2020: Launched as a visual merchandising platform
  • 2023: Pivoted to AI-driven automotive retail solutions
  • 2024: Achieved 5× revenue growth in 15 months, aiming for 3–4× more
  • Today: Driving the GenAI revolution with AI-powered sourcing, pricing, CRM, and Agentic AI for dealerships
👉 Read more about us:

What Are We Looking For?

We're seeking a seasoned InfoSec Engineer to serve as Spyne's organization-wide security architect and enforcer. This role is not about managing DevOps—it's about partnering deeply with our Engineering, ML, and Product teams to embed security into every layer of our AI-first SaaS platform.
You will protect our proprietary AI assets, our clients' sensitive automotive retail data, and the live consumer pipelines that power products like Vini AI and Studio AI. A security failure here is not just an IT issue—it directly impacts our clients' sales operations and the trust they place in us.
📍 Location: Gurugram (Work from Office, 5 days a week)
🖥 Role: Full-Time, InfoSec Engineer

What Will You Do?

  • AI & LLM Security: Secure conversational agents (Vini AI) against prompt injection and data poisoning attacks; protect computer vision pipelines (Studio AI) from adversarial evasion techniques and model theft.
  • Code Security: Establish secure coding guidelines and integrate automated vulnerability scanning (SAST/SCA) directly into developer workflows and CI/CD pipelines.
  • API Security: Safeguard critical data pipelines and third-party CRM/DMS integrations (e.g., Tekion ARC) against unauthorized access, broken object-level authorization, and business logic abuse.
  • Application Security: Protect our Web App (Virtual Studio, Developer Hub) and Android/iOS mobile applications against reverse engineering, unauthorized access, and runtime exploits.
  • VAPT & Penetration Testing: Own and manage continuous offensive security testing—both automated vulnerability assessments and manual penetration tests—across the full product suite.
  • Compliance & Governance: Lead alignment with global data privacy regulations (GDPR, CCPA) and automotive industry security standards to support seamless enterprise onboarding in the US and EU.
  • Cross-Functional Security Enforcement: Partner with the DevOps team to define and enforce security requirements for cloud infrastructure; ensure deployment pipelines and AWS architectures meet rigorous security standards without hindering development velocity.
  • Security Culture: Drive security awareness programs, conduct training sessions, and build a security-first mindset across all engineering disciplines.
  • Incident Response: Define, document, and lead the execution of incident response playbooks; conduct post-mortems and drive remediation.

What You Must Have?

  • Experience: 3-5 years in an information security or application security role, preferably within a SaaS or AI-first product company.
  • AI/ML Security: Demonstrated knowledge of LLM attack vectors (prompt injection, jailbreaking, data exfiltration) and computer vision model threats (adversarial inputs, model inversion).
  • Application Security: Strong hands-on experience with OWASP Top 10 (Web & Mobile), API security testing, and mobile app security (Android/iOS).
  • SAST/DAST/SCA Tools: Proficiency with tools such as Semgrep, Snyk, Burp Suite, OWASP ZAP, or equivalents.
  • VAPT: Proven experience conducting or managing penetration tests across web, mobile, and API surfaces; familiarity with frameworks like PTES or OWASP WSTG.
  • Cloud Security: Working knowledge of AWS security services and best practices (IAM, Security Groups, GuardDuty, CloudTrail, KMS, Secrets Manager); ability to audit cloud architectures for risk.
  • Compliance: Practical experience with GDPR, CCPA, and/or relevant industry frameworks (SOC 2, ISO 27001); experience supporting enterprise security reviews and third-party audits.
  • Scripting & Automation: Proficient in Python, Bash, or similar scripting languages for security automation and tooling.
  • Collaboration: Ability to work closely with developers, DevOps, ML engineers, and product managers—translating complex security requirements into actionable engineering tasks without blocking velocity.
  • Education: Bachelor's or master's degree in Computer Science, Information Security, or a related field. Relevant certifications (OSCP, CEH, CISSP, AWS Security Specialty) are a strong plus.

Why is Spyne an Employee-Centric Company? 🚀

  • Comprehensive Health & Life Coverage – GMC, GPA, and GTLI benefits for you and your family
  • Performance-Driven Growth – Fast career progression, ownership from Day 1, and stock options for top performers
  • Elevate Learning & Development – Access LinkedIn Learning, mentorship programs, and hands-on AI security projects to upskill daily
  • Collaborative Office Culture – Thrive in our energetic, innovation-first workplace

Why Spyne?

  • Strong Culture: A supportive, transparent environment with high autonomy
  • Competitive Compensation: Market-leading salary, equity, and benefits
  • Dynamic Growth: Join us at a pivotal growth stage—shape our security posture, processes, and future
  • Cutting-Edge Tech: Work on real-world AI/ML and GenAI security challenges that very few engineers get to tackle

View all job openings