Security Engineer II - Meesho Bangalore, Karnataka Bookmark Share Print 149 0 0

Listing Description

About the Team 

The security team at Meesho is like the Avengers to Meesho's S.H.I.E.L.D. After all, when 5% of Indian households shop with us, it’s important to build resilient systems to manage millions of orders every day. We’ve done this – with zero downtime! 😎 Sounds impossible? Well, that’s the kind of Engineering muscle that has helped Meesho become the e-commerce giant it is today. We value speed over perfection, and see failures as opportunities to become better. We’ve taken steps to inculcate a strong ‘Founder’s Mindset’ across our engineering teams, making us grow and move fast. We place special emphasis on the continuous growth of each team member - and we do this with regular 1-1s and open communication.

As a Security Engineer, you will be part of self-starters who thrive on teamwork and constructive feedback. We know how to party as hard as we work! If we aren’t building unparalleled tech solutions, you can find us debating the plot points of our favorite books and games – or even gossipping over chai. So, if a day filled with building impactful solutions with a fun team sounds appealing to you, join us.

About the Role 

As our Security Engineer II, you’ll ensure Meesho’s products and services are safe and secure in production environments. On a typical day, you will bolster the security of our applications with a focus on automation and threat modeling. Engage in detailed manual source code reviews and exploit your comprehensive knowledge in web, API, and mobile application security. Drive the integration of security within our DevOps processes, ensuring early identification and resolution of security issues in the development cycle.

Your role is pivotal in communicating intricate security threats, providing clear solutions, and enhancing the overall security framework of our organization. Your commitment will ensure the robust protection of our assets and the successful secure delivery of our projects.

What you will do
  • Scripting and Automation: Identify automation opportunities and develop new tools to automate security test cases. Proficiently create and optimize scripts (Python, Bash, or Perl) for enhancing security systems and processes. Develop and implement automation frameworks to integrate security tasks into the development lifecycle.
  • Manual Source Code Review: Conduct detailed source code reviews, preferably in Java, Python, Node.js, and React.js, to pinpoint security flaws. Collaborate with development teams to reinforce secure coding practices. Offer practical and detailed feedback for security issue mitigation.
  • DevSecOps: Assimilate security tools and processes into the CI/CD pipeline. Partner with DevOps and engineering teams for secure code deployment. Collaborate with fellow security engineers to automate security scanning and testing, enhance security within the DevOps pipeline, and address security concerns early in the development lifecycle. Foster a robust security culture through training and awareness initiatives.
  • Threat Modeling: Direct threat modeling sessions to outline potential security threats and ensure security by design. Provide key security insights and integrate threat modeling feedback into product design. Use industry-standard threat modeling tools for risk assessment and timely threat mitigation.
  • Web/ Mobile Applications Penetration Testing: Execute thorough security assessments of Web, APIs & Mobile(Android & IOS) applications. Leverage a range of both commercial and open-source tools, techniques, and standards including OWASP, MASVS, and others to assess the security stance of web and mobile applications. Collaborate with other stakeholders for timely vulnerability remediation in Web, APIs & Mobile(Android & IOS) applications

    • What you will need
  • Educational Qualification: Bachelor's/Master's degree in Engineering or a related technical field.
  • Work Experience: Minimum 3-5 years of demonstrable experience specifically in DevSecOps, securing applications, driving automation, and conducting thorough threat modeling exercises.
  • Technical Skills: Proven scripting experience, proficient in languages such as Python, Bash, or Perl. Familiarity with Java, JavaScript, Python, NodeJS, or ReactJS. In-depth knowledge and practical experience in the securing web, APIs, and mobile applications, along with a solid understanding of associated frameworks and tools.
  • Core Competencies: Strong analytical and problem-solving abilities. Exceptional communication skills for effective cross-functional collaboration. Proven experience in conducting and leading threat modeling exercises. Solid understanding of threat modeling methodologies and tools. Demonstrated experience in manual source code review and vulnerability assessment. Ability to clearly communicate complex security threats and recommendations. Proven experience in seamlessly integrating security into DevOps processes. Familiarity with CI/CD tools, processes, and best practices. Proficiency in security automation and tools integration.
  • Plusses: Experience with various Linux Flavors and Cloud Infra Security issues in Cloud Technologies (AWS & GCP).Practical experience with Docker and containerization technologies. Solid understanding of Information Security Principles and cryptography fundamentals.
    • About Meesho

    Meesho is India’s fastest growing e-commerce company. We started in 2015 with the idea of helping mom & pop stores to sell online. Today, 5% of Indian households shop with us on any given day 😎. We’ve helped over 15 million individual entrepreneurs start online businesses with zero investment. We’re democratising internet commerce by offering a 0% commission model for sellers on our platform — a first for India. We aim to become the e-commerce destination for Bharat. How? Find out from our blogs!

    We’re currently valued at $4.9 billion with marquee investors supporting our vision. Some of them include Sequoia Capital, Softbank, Fidelity, Prosus Ventures, Facebook and Elevation Capital. We were also featured in Y Combinator’s 2021 Top Companies List, and were the only Indian startup to make it to Fast Company’s The World’s 50 Most Innovative Companies in 2020. We ranked 6th in Linkedin’s Top Startups List 2021. Our strongest asset is our people. We have gender-neutral and inclusive policies to promote our people-first culture. Please check out meesho. careers for our openings.

    Our Mission 
     Democratise internet commerce for everyone

    Our Purpose
    Har Indian ka APNA MARKET

    Listing Details

    • Citizenship: Not Provided
    • Incentives: Not Provided

     

    • Education: Not Provided
    • Travel: Not Provided
    • Telework: Not Provided

    About Us

    NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

    Useful Links

    Our Contacts

    1765 Greensboro Station Pl.
    Suite 900
    Tysons Corner Va 22102

    (703) 594-7765

    requests@ninjajobs.org
    www.ninjajobs.org
    Chat with us!