Job Description
As a Security Engineer at Meesho, you will play a crucial role in ensuring the security of our products throughout their development lifecycle. Your responsibilities will include participating in threat modeling and design reviews from the initial stages to identify potential risks. You will integrate and manage SAST tools within our CI/CD pipeline to ensure continuous security testing as code evolves. Additionally, you will lead and conduct vulnerability assessments and penetration testing (VAPT) to proactively uncover and address security vulnerabilities before they reach production.

In this role, you will lead and manage all aspects of the Secure Software Development Lifecycle (SDLC) and implement security tools within the CI/CD pipeline following the DevSecOps approach. Your duties will also involve overseeing VAPT for various platforms such as web applications, APIs, iOS, and Android apps. You will be responsible for executing threat modeling, design, and architecture reviews to identify potential risks and enhancing security in production environments through manual source code reviews.

Furthermore, you will manage and optimize a self-managed bug bounty program, provide security architectural guidance to Engineering and IT teams, and handle issues identified from penetration tests and bug bounty programs. You will lead security training and awareness campaigns across the organization, manage Web Application Firewalls (WAF) to ensure robust protection, and engage in the Security Champions program to integrate security practices within teams. Your role will also involve assisting in creating and maintaining Security Risk Models for both new and existing systems.

To excel in this role, you should have at least 7 years of experience in product security with a focus on application security and DevSecOps. You must demonstrate proven experience in leading architectural changes or cross-team efforts to mitigate security vulnerabilities.
Proficiency in programming languages such as Java, React, Node.js, and Python is essential, along with hands-on experience in manual source code reviews and securing production code. Expertise in deploying and managing security tools in CI/CD pipelines, experience with cloud platforms like AWS or GCP, and familiarity with Docker and containerization technologies are highly desirable. Additional experience in infrastructure security, particularly in GCP, Docker, and containerization, will be considered a bonus. Possessing relevant certifications such as GIAC Web Application Penetration Tester (GWAPT) or OffSec's Advanced Web Attacks and Exploitation (WEB-300) will be advantageous. A strong understanding of SSO protocols, experience speaking at meetups or conferences, and participation in bug bounty programs will also be beneficial for this role.

At Meesho, we are committed to democratizing internet commerce for everyone and empowering small businesses to succeed online. If you are passionate about building impactful solutions with a fun and dynamic team, then this role is perfect for you. Join us at Meesho and be part of our journey in creating a positive impact in the e-commerce industry.