Security Engineer IV
Bangalore, Karnataka
About the Team
The security team at Meesho is like the Avengers to Meesho's S.H.I.E.L.D. After all, when 5% of Indian households shop with us, it’s important to build resilient systems to manage millions of orders every day. We’ve done this – with zero downtime! 😎 Sounds impossible? Well, that’s the kind of Engineering muscle that has helped Meesho become the e-commerce giant it is today. We value speed over perfection, and see failures as opportunities to become better. We’ve taken steps to inculcate a strong ‘Founder’s Mindset’ across our engineering teams, making us grow and move fast. We place special emphasis on the continuous growth of each team member - and we do this with regular 1-1s and open communication. As a Security Engineer, you will be part of self-starters who thrive on teamwork and constructive feedback. We know how to party as hard as we work! If we aren’t building unparalleled tech solutions, you can find us debating the plot points of our favorite books and games – or even gossipping over chai. So, if a day filled with building impactful solutions with a fun team sounds appealing to you, join us.
About the Role
As a Security Engineer 4, your role is integral in ensuring the security of our products throughout their development lifecycle. You will be involved from the very beginning, participating in threat modeling and design reviews to identify potential risks early. You'll also integrate and manage SAST tools within our CI/CD pipeline, ensuring continuous security testing as code evolves. Additionally, you'll lead and conduct vulnerability assessments and penetration testing (VAPT) to proactively uncover and address security vulnerabilities before they reach production.
Welcome to Meesho, where every story begins with a spark of inspiration and a dash of entrepreneurial spirit. We're not just a platform; we're your partner in turning dreams into realities.
Our Mission
Democratising internet commerce for everyone- Meesho (Meri shop) started with a single idea in mind -to be an e-commerce destination for the next billion Indian consumers and enable 100 million small businesses to succeed online. We provide sellers with a range of industry-first benefits such as zero commission and the lowest shipping cost. Over 1.75 million sellers are registered on Meesho, growing their business by tapping the company’s massive customer base, state-of-the-art tech infrastructure, pan-India logistics at the lowest cost through third-party logistics providers in an 'Everyday Lowest Cost' channel for sellers. Affordable, relatable merchandise mirroring local markets has helped us make inroads with first-time internet users in the country. We cater to an underserved and unique customer base and cover every serviceable pincode in the country. Our unique business model and continuous innovation has enabled us to become the first Indian horizontal E-commerce company.
Culture and Total Rewards
Our focus is on cultivating a dynamic workplace characterized by high impact and performance excellence. We prioritize a people-centric culture, dedicated to hiring and developing exceptional talent. Total rewards at Meesho comprises of a comprehensive set of elements - monetary, non monetary, tangible and intangible in nature. Our 11 guiding principles, or "Mantras," are the backbone of how we operate - influencing everything from recognition and evaluation to growth discussions. Daily rituals & processes like “Reflections”, “Listen or Die” , Internal Mobility Program, Talent Reviews, Continuous Performance Management - all embody these principles. We provide market leading compensation - both cash and equity-based - specific to job roles, individual experience and skill along with our employee centric benefits and work environment. We focus extensively on holistic wellness - through our MeeCare Program - encompassing benefits and policies across physical, mental, financial, and social wellness aspects. This includes extensive medical insurance benefits for employees and their families, wellness initiatives like telehealth, wellness events, and gym & recreational discounts etc. To support work-life balance, we provide generous leave policies, parental support benefits, retirement benefits, and learning and development assistance. Through gratitude for stretched work, personalized gifts, engagement & fun at work - we promote employee delight at the workplace. Many other benefits such as salary advance support, relocation assistance, and flexible benefits plans further enrich the Meesho employee experience.
Know more about Meesho here : https://www.meesho.io/
The security team at Meesho is like the Avengers to Meesho's S.H.I.E.L.D. After all, when 5% of Indian households shop with us, it’s important to build resilient systems to manage millions of orders every day. We’ve done this – with zero downtime! 😎 Sounds impossible? Well, that’s the kind of Engineering muscle that has helped Meesho become the e-commerce giant it is today. We value speed over perfection, and see failures as opportunities to become better. We’ve taken steps to inculcate a strong ‘Founder’s Mindset’ across our engineering teams, making us grow and move fast. We place special emphasis on the continuous growth of each team member - and we do this with regular 1-1s and open communication. As a Security Engineer, you will be part of self-starters who thrive on teamwork and constructive feedback. We know how to party as hard as we work! If we aren’t building unparalleled tech solutions, you can find us debating the plot points of our favorite books and games – or even gossipping over chai. So, if a day filled with building impactful solutions with a fun team sounds appealing to you, join us.
About the Role
As a Security Engineer 4, your role is integral in ensuring the security of our products throughout their development lifecycle. You will be involved from the very beginning, participating in threat modeling and design reviews to identify potential risks early. You'll also integrate and manage SAST tools within our CI/CD pipeline, ensuring continuous security testing as code evolves. Additionally, you'll lead and conduct vulnerability assessments and penetration testing (VAPT) to proactively uncover and address security vulnerabilities before they reach production.
What You Will Do:
- Lead and manage all aspects of the Secure Software Development Lifecycle (SDLC).
- Implement and manage security tools within the CI/CD pipeline (DevSecOps).
- Conduct and oversee VAPT for web applications, APIs, iOS, and Android apps.
- Perform threat modeling, design, and architecture reviews to identify potential risks.
- Execute manual source code reviews and enhance security in production environments.
- Manage and optimize a self-managed bug bounty program.
- Provide security architectural guidance to Engineering and IT teams.
- Manage issues identified from penetration tests and bug bounty programs.
- Lead security training and awareness campaigns across the organization.
- Manage Web Application Firewalls (WAF) to ensure robust protection.
- Engage in the Security Champions program to integrate security practices within teams.
- Assist in creating and maintaining Security Risk Models for both new and existing systems.
What You Will Need:
- 7+ years of experience in product security, with a focus on application security and DevSecOps.
- Proven experience in leading architectural changes or cross-team efforts to mitigate security vulnerabilities.
- Proficiency in programming languages such as Java, React, Node.js, and Python.
- Hands-on experience with manual source code reviews and securing production code.
- Expertise in deploying and managing security tools in CI/CD pipelines.
- Experience with Git, Jenkins, Artifactory, or other similar technologies
- Strong background in securing the software development lifecycle, including eliminating classes of vulnerabilities.
- Proficiency with cloud platforms like AWS or GCP, including their security tools.
- Experience with Docker and containerization technologies is highly desirable.
- Additional experience in infrastructure security, particularly in GCP, Docker, and containerization, is a bonus.
Bonus Points
- Relevant certifications such as GIAC Web Application Penetration Tester (GWAPT), OffSec’s Advanced Web Attacks and Exploitation (WEB-300), etc.
- Strong understanding of SSO protocols, including OAuth and SAML.
- Experience speaking at meetups or conferences.
- Experience participating in bug bounty programs.
Welcome to Meesho, where every story begins with a spark of inspiration and a dash of entrepreneurial spirit. We're not just a platform; we're your partner in turning dreams into realities.
Our Mission
Democratising internet commerce for everyone- Meesho (Meri shop) started with a single idea in mind -to be an e-commerce destination for the next billion Indian consumers and enable 100 million small businesses to succeed online. We provide sellers with a range of industry-first benefits such as zero commission and the lowest shipping cost. Over 1.75 million sellers are registered on Meesho, growing their business by tapping the company’s massive customer base, state-of-the-art tech infrastructure, pan-India logistics at the lowest cost through third-party logistics providers in an 'Everyday Lowest Cost' channel for sellers. Affordable, relatable merchandise mirroring local markets has helped us make inroads with first-time internet users in the country. We cater to an underserved and unique customer base and cover every serviceable pincode in the country. Our unique business model and continuous innovation has enabled us to become the first Indian horizontal E-commerce company.
Culture and Total Rewards
Our focus is on cultivating a dynamic workplace characterized by high impact and performance excellence. We prioritize a people-centric culture, dedicated to hiring and developing exceptional talent. Total rewards at Meesho comprises of a comprehensive set of elements - monetary, non monetary, tangible and intangible in nature. Our 11 guiding principles, or "Mantras," are the backbone of how we operate - influencing everything from recognition and evaluation to growth discussions. Daily rituals & processes like “Reflections”, “Listen or Die” , Internal Mobility Program, Talent Reviews, Continuous Performance Management - all embody these principles. We provide market leading compensation - both cash and equity-based - specific to job roles, individual experience and skill along with our employee centric benefits and work environment. We focus extensively on holistic wellness - through our MeeCare Program - encompassing benefits and policies across physical, mental, financial, and social wellness aspects. This includes extensive medical insurance benefits for employees and their families, wellness initiatives like telehealth, wellness events, and gym & recreational discounts etc. To support work-life balance, we provide generous leave policies, parental support benefits, retirement benefits, and learning and development assistance. Through gratitude for stretched work, personalized gifts, engagement & fun at work - we promote employee delight at the workplace. Many other benefits such as salary advance support, relocation assistance, and flexible benefits plans further enrich the Meesho employee experience.
Know more about Meesho here : https://www.meesho.io/
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
3
1
0
Category:
Security Engineering Jobs
Tags: Android APIs Application security AWS CI/CD Cloud DevSecOps Docker E-commerce Firewalls GCP GIAC GWAPT iOS Java Jenkins Node.js Offensive security Pentesting Product security Python SAML SAST SDLC SSO Vulnerabilities
Perks/benefits: Career development Conferences Equity / stock options Health care Medical leave Parental leave Relocation support Salary bonus Startup environment Team events Wellness
Region:
Asia/Pacific
Country:
India
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Information Security Specialist jobsPenetration Tester jobsSenior Cyber Security Engineer jobsSenior Cybersecurity Engineer jobsInformation Security Officer jobsInformation Systems Security Officer jobsPrincipal Security Engineer jobsSenior Network Security Engineer jobsInformation System Security Officer jobsCloud Security Architect jobsChief Information Security Officer jobsSenior Penetration Tester jobsStaff Security Engineer jobsSecurity Specialist jobsSecurity Consultant jobsCyber Security Specialist jobsIT Security Engineer jobsSenior Information Security Analyst jobsCyber Security Architect jobsSecurity Operations Analyst jobsSenior Product Security Engineer jobsCybersecurity Consultant jobsSenior Information Security Engineer jobsInformation System Security Officer (ISSO) jobsThreat Intelligence Analyst jobs
SaaS jobsSDLC jobsMalware jobsEncryption jobsRMF jobsForensics jobsSQL jobsGDPR jobsIPS jobsSplunk jobsIDS jobsTop Secret jobsEDR jobsFinance jobsDoDD 8570 jobsTerraform jobsBash jobsITIL jobsOWASP jobsCRISC jobsUNIX jobsGIAC jobsDocker jobsCompTIA jobsIntrusion detection jobs
TCP/IP jobsBanking jobsSANS jobsThreat detection jobsData Analytics jobsActive Directory jobsPolygraph jobsCCSP jobsOSCP jobsClearance Required jobsCyber defense jobsVPN jobsIT infrastructure jobsJavaScript jobsSOC 2 jobsAnsible jobsSOX jobsDNS jobsSOAR jobsJira jobsGCIH jobsSecurity strategy jobsOracle jobsNIST 800-53 jobsCryptography jobs