Security Engineer II

Bangalore, Karnataka

About the Team 
At Meesho, the Product Security team is at the forefront of protecting our platform and the 5% of Indian households who shop with us daily. We are a team of proactive builders and defenders who thrive on collaboration and a 'Founder's Mindset'. We believe in moving fast, learning from every challenge, and supporting each other's growth through open communication and mentorship. We work hard to secure the massive scale of Meesho's e-commerce platform, and we have fun doing it. If you're a self-starter who enjoys solving complex problems and wants to make a real-world impact, you'll fit right in.
About the Role 
As a Security Engineer 2, you will be a key player in maturing our product security posture. You won't just find vulnerabilities; you'll help us build more secure products from the ground up. Your work will directly protect our customers and the business by focusing on offensive security testing, proactive threat modeling, and embedding security into our development lifecycle and company culture.

What you will do

  • Application Security Testing: Conduct comprehensive security assessments (VAPT) of our web platforms, APIs, network and mobile applications (iOS & Android) to identify and mitigate vulnerabilities.
  • Offensive Security: Plan and execute red team and purple team exercises to simulate real-world attacks, test our defenses, and provide actionable recommendations to improve our security posture.
  • Threat Modeling: Lead threat modeling sessions for new and existing features, collaborating with engineering teams to identify potential threats in the design phase and integrate security requirements into the product lifecycle.
  • DevSecOps & Automation: Enhance our CI/CD pipeline by integrating security tools (SAST, DAST, IAST). Develop and implement hands-on security automation to streamline security processes and improve our detection and response capabilities.
  • Security Culture & Awareness: Drive key security culture initiatives, including managing the Security Champions program, conducting phishing simulations, and delivering developer awareness training sessions.
  • Risk & Compliance: Contribute to compliance and risk management efforts, such as ISO 27001 readiness, third-party risk management (TPRM), and Business Continuity/Business Impact Analysis (BCP/BIA).
  • Security Partnership: Act as a security subject matter expert for developers, providing guidance on secure coding practices, vulnerability remediation, and security best practices through code reviews and consultations.
  • Code Review: Perform manual and automated code reviews to identify security-critical bugs.
  • Bug Bounty: Assist in managing our bug bounty program, including triaging submissions and engaging with security researchers.

What You Will Need

  • Experience: 3-5 years of hands-on experience in a product security or application security role.
  • Education: A Bachelor's or Master's degree in Computer Science, Information Security, or a related field is preferred.
  • Mobile Security Expertise:
  • Strong experience in mobile application security assessments for both Android and iOS. Proficiency with mobile security tools like Frida, Objection, Drozer, MobSF, ADB, etc. Deep understanding of the OWASP MASVS framework and mobile-specific vulnerabilities (insecure webview, insecure deeplink, insecure data storage, flawed cryptography, etc.).
  • Web & API Security Expertise: Proven ability to perform security assessments on web applications and APIs, with a strong understanding of the OWASP Top 10 for both.
  • Experience testing for complex vulnerabilities in authentication, authorization, session management, and business logic.
  • Offensive Security & Threat Modeling: Demonstrated experience planning and executing red team exercises.
  • Proven ability to lead threat modeling sessions and integrate findings into the SDLC.
  • General Skills & Acumen: Strong analytical and problem-solving skills. Excellent communication skills, with the ability to explain complex security issues to both technical and non-technical audiences.
  • Familiarity with DevSecOps principles and CI/CD pipeline security automation.
  • (Bonus Points) Active participation in public or private bug bounty programs is a huge plus.
  • Experience with security awareness initiatives (e.g., Security Champions) and compliance frameworks (e.g., ISO 27001, TPRM) is also highly desirable.

Tags: Android APIs Application security Automation CI/CD Compliance Computer Science Cryptography DAST DevSecOps E-commerce IAST iOS ISO 27001 Mobile security Offensive security OWASP Product security Red team Risk management SAST SDLC Security assessment Vulnerabilities

Perks/benefits: Career development

Region: Asia/Pacific
Country: India
