Lead - Information Security (8 to 12 yrs exp)

7-10 Years
Cyber Security

Job Description

Zenoti is seeking a highly technical Lead - Information Security to drive advanced security testing and red team activities across its platforms, including AI, web, mobile, and APIs. This role involves developer-level code analysis, AI application security testing, and adversarial simulation to uncover complex vulnerabilities. The lead will partner with engineering teams to ensure products are secure by design, focusing on VAPT, red team operations, secure code reviews, and AI/ML security testing. The ideal candidate will have 7-10 years of offensive security experience and strong coding skills.
Good To Have:
  • Knowledge of adversarial ML frameworks (e.g., CleverHans, ART, TextAttack).
  • Familiarity with prompt injection testing, LLM security, and data leakage risks.
  • Understanding of ML pipelines, model deployment, and API vulnerabilities.
  • Familiarity with AI model governance, MLOps, and data pipeline security.
  • Certifications like OSCP, OSWE, OSEP, CEH, GWAPT, or AI/ML security certifications are highly desirable.
  • Excellent analytical, problem-solving, and technical reporting skills.
  • Excellent communication and presentation skills.
  • Ability to work effectively in a fast-paced, dynamic, start-up environment.
Must Have:
  • Lead and perform end-to-end Vulnerability Assessment and Penetration Testing (VAPT) on AI applications, web platforms, APIs, mobile apps, and network environments.
  • Conduct red team operations simulating real-world adversarial techniques across applications, infrastructure, and cloud.
  • Perform secure code reviews (AI/ML pipelines, web, backend, mobile) to identify security flaws.
  • Design and execute AI/ML security testing, including adversarial ML attacks, model API abuse, and AI supply chain risks.
  • Perform API security testing to uncover flaws in authentication, authorization, and data handling.
  • Collaborate with development, DevOps, and product teams to embed secure coding and model deployment practices into the SDLC.
  • Build and maintain custom exploits, fuzzers, and security tools to validate vulnerabilities.
  • Provide detailed technical reports and mentor engineering teams on secure design.
  • Participate in incident response, including detection, investigation, and mitigation of security incidents.
  • Stay updated with emerging threats in AI/ML, web, mobile, and cloud security.
  • 7–10 years of experience in offensive security, penetration testing, and application security.
  • Strong development background with hands-on coding experience in Python, Java, JavaScript, Swift, Kotlin, or C#.
  • Deep understanding of architecture and development of web applications and microservices using the .NET stack.
  • Expertise in AI/ML security testing.
  • Proficiency with security testing tools: Burp Suite, OWASP ZAP, Metasploit, Nessus, Nmap, Postman, MobSF, Frida, custom fuzzers.
  • Deep understanding of web, mobile, API, AI/ML, and cloud security vulnerabilities (OWASP Top 10, API Top 10, Mobile Top 10, AI security frameworks like OWASP Top 10 for LLMs).
  • Strong grasp of security frameworks (OWASP, MITRE ATT&CK, NIST, CSA AI security).
Perks:
  • Attractive compensation and benefits
  • Medical coverage for yourself and your immediate family
  • An environment where wellbeing is a high priority: access to regular yoga, meditation, breathwork, nutrition counseling, and stress management, with family included in most benefit awareness-building sessions
  • Opportunities to be a part of a community and give back: social activities are part of our culture; you can look forward to regular engagement, social work, and community give-back initiatives

Zenoti provides an all-in-one, cloud-based software solution for the beauty and wellness industry. Our solution allows users to seamlessly manage every aspect of the business in a comprehensive mobile solution: online appointment bookings, POS, CRM, employee management, inventory management, built-in marketing programs and more. Zenoti helps clients streamline their systems and reduce costs, while simultaneously improving customer retention and spending. Our platform is engineered for reliability and scale and harnesses the power of enterprise-level technology for businesses of all sizes.

Zenoti powers more than 30,000 salons, spas, medspas and fitness studios in over 50 countries. This includes a vast portfolio of global brands, such as European Wax Center, Hand & Stone, Massage Heights, Rush Hair & Beauty, Sono Bello, Profile by Sanford, Hair Cuttery, CorePower Yoga and TONI&GUY.

Our recent accomplishments include surpassing a $1 billion unicorn valuation, being named Next Tech Titan by GeekWire, raising an $80 million investment from TPG, and ranking as the 316th fastest-growing company in North America on Deloitte’s 2020 Technology Fast 500™. We are also proud to be recognized as a Great Place to Work Certified™ for 2021-2022, as this reaffirms our commitment to empowering people to feel good and find their greatness. To learn more about Zenoti, visit: https://www.zenoti.com

We are looking for a highly technical Lead – Information Security who will drive advanced security testing and red team activities across Zenoti’s platforms, including AI applications, web applications, mobile applications, APIs, and internal/external networks.

This role goes beyond traditional penetration testing. You will combine developer-level code analysis, AI application security testing, and adversarial simulation to uncover complex vulnerabilities. You’ll partner closely with engineering teams to ensure that Zenoti’s products, including our next-gen AI solutions, are secure by design.

Key Responsibilities

  • Lead and perform end-to-end Vulnerability Assessment and Penetration Testing (VAPT) on AI applications, web platforms, APIs, mobile apps (iOS/Android), and network environments.
  • Conduct red team operations simulating real-world adversarial techniques across applications, infrastructure, and cloud.
  • Perform secure code reviews (AI/ML pipelines, web, backend, mobile) to identify security flaws in logic, libraries, and custom code.
  • Design and execute AI/ML security testing, including:
      • Adversarial ML attacks (data poisoning, model inversion, prompt injection).
      • Model API abuse (unauthorized access, data leakage, overexposure of training data).
      • AI supply chain risks (open-source model and library vulnerabilities).
  • Perform API security testing to uncover flaws in authentication, authorization, and data handling.
  • Collaborate with development, DevOps, and product teams to embed secure coding and model deployment practices into the SDLC.
  • Build and maintain custom exploits, fuzzers, and security tools to validate vulnerabilities beyond automated scanners.
  • Provide detailed technical reports and mentor engineering teams on secure design.
  • Participate in incident response, including detection, investigation, and mitigation of application or AI-related security incidents.
  • Stay updated with emerging threats in AI/ML, web, mobile, and cloud security and apply research to strengthen Zenoti’s defenses.

Skills & Qualifications

  • 7–10 years of experience in offensive security, penetration testing, and application security.
  • Strong development background with hands-on coding experience in Python, Java, JavaScript, Swift, Kotlin, or C#.
  • Deep understanding of architecture and development of web applications and microservices using the .NET stack.
  • Expertise in AI/ML security testing, including:
      • Knowledge of adversarial ML frameworks (e.g., CleverHans, ART, TextAttack).
      • Familiarity with prompt injection testing, LLM security, and data leakage risks.
      • Understanding of ML pipelines, model deployment, and API vulnerabilities.
  • Proficiency with security testing tools: Burp Suite, OWASP ZAP, Metasploit, Nessus, Nmap, Postman, MobSF, Frida, custom fuzzers.
  • Deep understanding of web, mobile, API, AI/ML, and cloud security vulnerabilities (OWASP Top 10, API Top 10, Mobile Top 10, AI security frameworks like OWASP Top 10 for LLMs).
  • Familiarity with AI model governance, MLOps, and data pipeline security.
  • Strong grasp of security frameworks (OWASP, MITRE ATT&CK, NIST, CSA AI security).
  • Certifications like OSCP, OSWE, OSEP, CEH, GWAPT, or AI/ML security certifications are highly desirable.
  • Excellent analytical, problem-solving, and technical reporting skills.
  • Excellent communication and presentation skills.
  • Can work effectively in a fast-paced, dynamic, start-up environment.

Benefits

  • Attractive compensation and benefits
  • You will receive medical coverage for yourself and your immediate family
  • An environment where wellbeing is a high priority: access to regular yoga, meditation, breathwork, nutrition counseling, and stress management, with family included in most benefit awareness-building sessions
  • Opportunities to be a part of a community and give back: social activities are part of our culture; you can look forward to regular engagement, social work, and community give-back initiatives
