security engineer iv

Bengaluru full-time

Job description

As a Security Engineer 4 at Meesho, you will ensure product security throughout the development lifecycle, including threat modeling, security tool integration in CI/CD pipelines, and conducting VAPT. You're expected to have expertise in application security, DevSecOps, and proficiency with programming languages like Java, React, Node.js, and Python.

Responsibility

  • Lead and manage all aspects of the Secure Software Development Lifecycle (SDLC).
  • Implement and manage security tools within the CI/CD pipeline (DevSecOps).
  • Conduct and oversee VAPT for web applications, APIs, iOS, and Android apps.
  • Perform threat modeling, design, and architecture reviews to identify potential risks.
  • Execute manual source code reviews and enhance security in production environments.
  • Manage and optimize a self-managed bug bounty program.
  • Provide security architectural guidance to Engineering and IT teams.
  • Manage issues identified from penetration tests and bug bounty programs.
  • Lead security training and awareness campaigns across the organization.
  • Manage Web Application Firewalls (WAF) to ensure robust protection.
  • Engage in the Security Champions program to integrate security practices within teams.
  • Assist in creating and maintaining Security Risk Models for both new and existing systems.

Qualifications

  • 7+ years of experience in product security with a focus on application security and DevSecOps.
  • Proficiency in programming languages such as Java, React, Node.js, and Python.
  • Hands-on experience with manual source code reviews and securing production code.
  • Expertise in deploying and managing security tools in CI/CD pipelines.
  • Experience with cloud platforms like AWS or GCP, and their security tools.
  • Experience with Docker and containerization technologies is highly desirable.
  • Additional experience in infrastructure security, particularly in GCP, Docker, and containerization, is a bonus.
  • Relevant certifications such as GIAC Web Application Penetration Tester (GWAPT), OffSec’s Advanced Web Attacks and Exploitation (WEB-300), etc.

Job Summary

Sign in to Apply

Last Seen: 2024-10-16

Job Type: full-time

Location: Bengaluru

First Seen: 2024-08-21

Company Summary

Meesho is a social commerce platform headquartered in India that enables small businesses and individuals to start their online stores via social channels. Founded in 2015, it has rapidly become a significant player in the e-commerce space by providing cost-effective, innovative, and inclusive solutions for entrepreneurs.