Security Engineer II

Smart Summary (powered by Roshi)
As our Security Engineer II, you will ensure Meesho’s products and services are safe and secure in production environments. You will drive the integration of security within our DevOps processes, conduct manual code reviews, and identify and mitigate security threats. Your commitment will ensure robust protection and secure project delivery.

About the Role 

As our Security Engineer II, you’ll ensure Meesho’s products and services are safe and secure in production environments. On a typical day, you will bolster the security of our applications with a focus on automation and threat modeling. Engage in detailed manual source code reviews and exploit your comprehensive knowledge in web, API, and mobile application security. Drive the integration of security within our DevOps processes, ensuring early identification and resolution of security issues in the development cycle.

Your role is pivotal in communicating intricate security threats, providing clear solutions, and enhancing the overall security framework of our organization. Your commitment will ensure the robust protection of our assets and the successful secure delivery of our projects.

What you will do
  • Scripting and Automation: Identify automation opportunities and develop new tools to automate security test cases. Proficiently create and optimize scripts (Python, Bash, or Perl) for enhancing security systems and processes. Develop and implement automation frameworks to integrate security tasks into the development lifecycle.
  • Manual Source Code Review: Conduct detailed source code reviews, preferably in Java, Python, Node.js, and React.js, to pinpoint security flaws. Collaborate with development teams to reinforce secure coding practices. Offer practical and detailed feedback for security issue mitigation.
  • DevSecOps: Assimilate security tools and processes into the CI/CD pipeline. Partner with DevOps and engineering teams for secure code deployment. Collaborate with fellow security engineers to automate security scanning and testing, enhance security within the DevOps pipeline, and address security concerns early in the development lifecycle. Foster a robust security culture through training and awareness initiatives.
  • Threat Modeling: Direct threat modeling sessions to outline potential security threats and ensure security by design. Provide key security insights and integrate threat modeling feedback into product design. Use industry-standard threat modeling tools for risk assessment and timely threat mitigation.
  • Web/Mobile Applications Penetration Testing: Execute thorough security assessments of Web, APIs & Mobile (Android & iOS) applications. Leverage a range of both commercial and open-source tools, techniques, and standards including OWASP, MASVS, and others to assess the security stance of web and mobile applications. Collaborate with other stakeholders for timely vulnerability remediation in Web, APIs & Mobile (Android & iOS) applications.
What you will need
  • Educational Qualification: Bachelor's/Master's degree in Engineering or a related technical field.
  • Work Experience: Minimum 3-5 years of demonstrable experience specifically in DevSecOps, securing applications, driving automation, and conducting thorough threat modeling exercises.
  • Technical Skills: Proven scripting experience, proficient in languages such as Python, Bash, or Perl. Familiarity with Java, JavaScript, Python, NodeJS, or ReactJS. In-depth knowledge and practical experience in securing web, API, and mobile applications, along with a solid understanding of associated frameworks and tools.
  • Core Competencies: Strong analytical and problem-solving abilities. Exceptional communication skills for effective cross-functional collaboration. Proven experience in conducting and leading threat modeling exercises. Solid understanding of threat modeling methodologies and tools. Demonstrated experience in manual source code review and vulnerability assessment. Ability to clearly communicate complex security threats and recommendations. Proven experience in seamlessly integrating security into DevOps processes. Familiarity with CI/CD tools, processes, and best practices. Proficiency in security automation and tools integration.
  • Pluses: Experience with various Linux flavors and cloud infrastructure security issues in cloud technologies (AWS & GCP). Practical experience with Docker and containerization technologies. Solid understanding of Information Security Principles and cryptography fundamentals.
  • Company: Meesho
  • Job Posted: a year ago
  • Job Type: Full-time
  • Work Mode: On-site
  • Experience Level: 3-7 Years
  • Category: Technology
  • Locations: Bengaluru, Karnataka, India
  • Qualification: Bachelor

Related Jobs

Cloud Security Engineer II

Zeta

Bengaluru, Karnataka, India

Posted: a year ago

This role is part of the Information Security Team in Zeta's Engineering division. We are looking for a Cloud Security engineer to secure and automate our environment, set processes, and guide developers and DevOps teams. Your responsibility includes hardening infrastructure, threat management, and ensuring the security of our applications. Join us in making Zeta applications and infrastructure secure!

Security Engineer - IV

Meesho

Bangalore Urban, Karnataka, India

Posted: a year ago

JOB DESCRIPTION

Bangalore, Karnataka | Tech

About the Team

The security team at Meesho is like the Avengers to Meesho's S.H.I.E.L.D. After all, when 5% of Indian households shop with us, it’s important to build resilient systems to manage millions of orders every day. We’ve done this – with zero downtime! 😎 Sounds impossible? Well, that’s the kind of Engineering muscle that has helped Meesho become the e-commerce giant it is today. We value speed over perfection, and see failures as opportunities to become better. We’ve taken steps to inculcate a strong ‘Founder’s Mindset’ across our engineering teams, making us grow and move fast. We place special emphasis on the continuous growth of each team member - and we do this with regular 1-1s and open communication. As Security Engineer, you will be part of self-starters who thrive on teamwork and constructive feedback. We know how to party as hard as we work! If we aren’t building unparalleled tech solutions, you can find us debating the plot points of our favourite books and games – or even gossiping over chai. So, if a day filled with building impactful solutions with a fun team sounds appealing to you, join us.

About the Role

As the leader of our Cloud Security Engineering division at Meesho, you will wield your advanced expertise to conceptualize, execute, and uphold robust security protocols, safeguarding our enterprise-grade cloud infrastructure and invaluable data assets. Your leadership will galvanize our team in formulating and enforcing top-tier security paradigms, ensuring strict adherence to industry benchmarks, and proactively neutralizing potential

What you will do
  • Leadership and Team Oversight: Spearhead a cohort of adept cloud security engineers, providing adept guidance, mentorship, and fostering a culture of collective expertise. Articulate team objectives, delegate assignments, and oversee the seamless execution of projects, ensuring punctual and superlative delivery of security undertakings.
  • Strategizing Cloud Security: Pioneering the formulation and execution of a comprehensive cloud security roadmap, closely aligned with our organizational aspirations and compliance imperatives. Identifying nascent security patterns and cutting-edge technologies to fortify our cloud security frontiers.
  • Architectural Design and Execution: Mastermind, institute, and uphold security controls and solutions spanning diverse cloud platforms (AWS, GCP a must). Codify and enforce security protocols, benchmarks, and methodologies tailored to the dynamic cloud milieu. Conduct penetration testing in line with Open Web Application Security Project (OWASP).
  • Incident Mitigation and Threat Management: Engineer and sustain a responsive blueprint for handling cloud-specific security incidents. Direct inquiries into security breaches, dissecting root causes, and devising apt courses of remediation.
  • Risk Scrutiny and Regulatory Adherence: Routinely scrutinize cloud landscapes for risk factors, pinpointing vulnerabilities and proffering nuanced risk alleviation strategies. Unwaveringly uphold alignment with pertinent statutes (e.g., GDPR, HIPAA) and industry benchmarks (e.g., CIS, NIST) within the domain of cloud security.
  • Automated Vigilance and Monitoring: Instigate security automation and orchestration methodologies for optimizing security maneuvers and riposte. Forge and nurture a foolproof security surveillance system, primed to identify and thwart real-time threats.
  • Synergy and Communication: Cultivate synergies with multifunctional units, encompassing DevOps, SRE, IT, and software development, for the seamless infusion of security tenets throughout the software development lifecycle. Diligently translate intricate security precepts for consumption by non-technical stakeholders and the executive echelon.

What you will need
  • Bachelor's degree in Computer Science, Information Security, or a discipline. A Master's degree would be advantageous.
  • Proven track record (8+ years) as a cloud security engineer, with an emphasis on fortifying cloud-native systems and infrastructures.
  • Proficiency across cloud platforms such as AWS or GCP, alongside a nuanced command of their inherent security toolkits.
  • Mastery in scripting or coding languages (e.g., Golang, Python, NodeJS) for steering security automation endeavors.
  • Profound familiarity with security frameworks, protocols, and regulatory requisites.
  • Hands-on familiarity with security appraisal tools, vulnerability scans, and penetration testing.
  • Understanding of SSL Handshake and Certificates, DNS, and DHCP and Network troubleshooting.
  • In-depth understanding of OWASP top 10 vulnerabilities.
  • Proficiency in Security Pen Testing methodologies including automated scans and manual methods.
  • Knowledge of at least one automated testing suite such as Burp, Nexpose, ZAP.
  • Experience with Docker and containerisation technologies.
  • Understanding of cryptography fundamentals.
  • Exceptional leadership mettle, combined with excellent communication and interpersonal adeptness.
  • Should have handled / mentored a team of 4+ professionals.
  • Relevant certifications such as Certified Cloud Security Professional (CCSP), Certified Information Systems Security Professional (CISSP), AWS Certified Security – Specialty, etc.
  • Adaptability to high-paced environments and deftness in managing concurrent priorities.

About Meesho

Meesho is India’s fastest growing e-commerce company. We started in 2015 with the idea of helping mom & pop stores to sell online. Today, 5% of Indian households shop with us on any given day 😎. We’ve helped over 15 million individual entrepreneurs start online businesses with zero investment. We’re democratising internet commerce by offering a 0% commission model for sellers on our platform — a first for India. We aim to become the e-commerce destination for Bharat. How? Find out from our blogs! We’re currently valued at $4.9 billion with marquee investors supporting our vision. Some of them include Sequoia Capital, Softbank, Fidelity, Prosus Ventures, Facebook and Elevation Capital. We were also featured in Y Combinator’s 2021 Top Companies List, and were the only Indian startup to make it to Fast Company’s The World’s 50 Most Innovative Companies in 2020. We ranked 6th in LinkedIn’s Top Startups List 2021. Our strongest asset is our people. We have gender-neutral and inclusive policies to promote our people-first culture. Please check out meesho.careers for our openings.

Our Mission

Democratise internet commerce for everyone

Our Purpose

Har Indian ka APNA MARKET