Application Security Engineer

About Zepto Zepto is India's fastest-growing startup and the leader in quick-commerce grocery delivery. We're revolutionizing the industry with our groundbreaking platform and lightning-fast delivery promise. As a Senior Application Security Engineer at Zepto, you'll play a crucial role in securing the technology that powers our innovative service. What You’ll Do ● Conduct thorough penetration testing of our web applications, APIs, and mobile apps to identify vulnerabilities and provide detailed reports with risk analysis. ● Research, develop, and implement cutting-edge security automation solutions using scripting languages like Python to streamline testing processes, enhance coverage, and minimize manual effort. ● Collaborate closely with development teams to provide remediation guidance and ensure timely resolution of security issues within our rapid release cycles. ● Implement DevSecOps best practices and integrate security into our CI/CD pipeline, including SCA, SAST, secrets management, container image scanning, and microservices security. ● Apply threat modeling techniques to proactively identify and mitigate potential vulnerabilities at the design stage of our application architecture. ● Educate developers on secure coding practices, common vulnerabilities, and potential attack vectors to foster a security-focused mindset across the organization. ● Track and manage identified vulnerabilities through the remediation process, providing visibility into our overall security posture. ● Assist with security incident response as needed, contributing to root-cause analysis and swift resolution. ● Engage with stakeholders across different teams and pods, effectively communicating security findings, recommendations, and progress updates. What You’ll Need ● 2-5 years of experience in application security, penetration testing, or a related field. ● Strong penetration testing skills and expertise in using tools such as Burp Suite, Metasploit, Kali Linux, OWASP ZAP, and mobile security testing tools. ● Hands-on experience with DevSecOps practices and tooling, integrating security into the software development lifecycle. ● Deep understanding of common vulnerability classifications (OWASP Top 10, CWE, etc.), exploit techniques, and secure coding principles. ● Proficiency in scripting languages (e.g., Python) for developing security automation solutions. ● Excellent communication and collaboration abilities, with strong skills in cross-pod communication and stakeholder management. ● Passion for continuous learning and staying up-to-date with the latest trends and techniques in application security. ● Certifications such as OSCP, CRTP, or similar are a plus. ● Experience participating in or winning CTF competitions and having a good bug bounty track record is a plus. ● Familiarity with red teaming methodologies and techniques is advantageous. What We Offer ● Immense opportunities for learning and growth, tackling diverse security challenges across cutting-edge technologies. ● An open, collaborative environment where your ideas and contributions are valued and encouraged. ● Competitive compensation and benefits package commensurate with your experience and skills. ● The chance to make a significant impact on the security posture of India’s leading quick-commerce platform. If you’re a passionate and skilled application security professional with a strong background in penetration testing, DevSecOps practices, and security automation, we’d love to hear from you! Apply now and join us in securing the future of grocery delivery at Zepto. Show more Show less