Security Engineer - IV
About the TeamThe security team at Meesho is like the Avengers to Meesho's S.H.I.E.L.D. After all, when 5% of Indian households shop with us, it’s important to build resilient systems to manage millions of orders every day. We’ve done this – with zero downtime! 😎 Sounds impossible? Well, that’s the kind of Engineering muscle that has helped Meesho become the e-commerce giant it is today. We value speed over perfection, and see failures as opportunities to become better. We’ve taken steps to inculcate a strong ‘Founder’s Mindset’ across our engineering teams, making us grow and movefast.We place special emphasis on the continuous growth of each team member - and we do this with regular 1-1s and open communication. As Security Engineer, you will be part of self-starters who thrive on teamwork and constructive feedback. We know how to party as hard as we work! If we aren’t building unparalleled tech solutions, you can find us debating the plot points of our favourite books and games – or even gossipping over chai. So, if a day filled with building impactful solutions with a fun team sounds appealing to you, join us.About the Role As the leader of our Cloud Security Engineering division at Meesho, you will wield your advanced expertise to conceptualize, execute, and uphold robust security protocols, safeguarding our enterprise-grade cloud infrastructure and invaluable data assets. Your leadership will galvanize our team in formulating and enforcing top-tier security paradigms, ensuring strict adherence to industry benchmarks, and proactively neutralizing potential
What you will do
- Leadership and Team Oversight: Spearhead a cohort of adept cloud security engineers, providing adept guidance, mentorship, and fostering a culture of collective expertise.Articulate team objectives, delegate assignments, and oversee the seamless execution of projects, ensuring punctual and superlative delivery of security undertakings.
- Strategizing Cloud Security: Pioneering the formulation and execution of a comprehensive cloud security roadmap, closely aligned with our organizational aspirations and compliance imperatives.Identifying nascent security patterns and cutting-edge technologies to fortify our cloud security frontiers.
- Architectural Design and Execution: Mastermind, institute, and uphold security controls and solutions spanning diverse cloud platforms (AWS, GCP a must).Codify and enforce security protocols, benchmarks, and methodologies tailored to the dynamic cloud milieu.Conduct penetration testing in line with Open Web Application Security Project (OWASP)Incident Mitigation and Threat Management:1. Engineer and sustain a responsive blueprint for handling cloud-specific security incidents.Direct inquiries into security breaches, dissecting root causes, and devising apt courses of remediation.Risk Scrutiny and Regulatory Adherence:Routinely scrutinize cloud landscapes for risk factors, pinpointing vulnerabilities and proffering nuanced risk alleviation strategies.Unwaveringly uphold alignment with pertinent statutes (e.g., GDPR, HIPAA) and industry benchmarks (e.g., CIS, NIST) within the domain of cloud security.
- Automated Vigilance and Monitoring: Instigate security automation and orchestration methodologies for optimizing security maneuvers and riposte.Forge and nurture a foolproof security surveillance system, primed to identify and thwart real-time threats.
- Synergy and Communication: Cultivate synergies with multifunctional units, encompassing DevOps, SRE , IT, and software development, for the seamless infusion of security tenets throughout the software development lifecycle.Diligently translate intricate security precepts for consumption by non- technical stakeholders and the executive echelon.
What you will need
- Bachelor's degree in Computer Science, Information Security, or a discipline.A Master's degree would be advantageous.
- Proven track record (8+ years) as a cloud security engineer, with an emphasis on fortifying cloud-native systems and infrastructures.
- Proficiency across cloud platforms such as AWS or GCP, alongside a nuanced command of their inherent security toolkits.
- Mastery in scripting or coding languages (e.g.,Golang, Python, NodeJS) for steering security automation endeavors.
- Profound familiarity with security frameworks, protocols, and regulatory requisites.
- Hands-on familiarity with security appraisal tools, vulnerability scans, and penetration testing.
- Understanding of SSL Handshake and Certificates, DNS, and DHC and Network troubleshooting.In-depth understanding of OWASP top 10 vulnerabilities.
- Proficiency in Security Pen Testing methodologies including automated scans and manual methods.
- Knowledge of at least one automated testing suite such as Burp, Nexpose, ZAP.Experience with Docker and containerisation technologies.
- Understanding of cryptography fundamentals. Exceptional leadership mettle, combined with excellent communication and interpersonal adeptness.
- Should have handled / mentored a team of 4+ professionals. Relevant certifications such as Certified Cloud Security Professional (CCSP), Certified Information Systems Security Professional (CISSP), AWS Certified Security – Specialty, etc.
- Adaptability to high-paced environments and deftness in managing concurrent priorities.