Our Story
Zepto is a fast-growing startup that delivers groceries in 10 minutes flat through an optimized network of dark stores that we're building across the country! We're scaling up rapidly across India with operations live across Mumbai, Bangalore, Delhi, Noida, Ghaziabad, Gurgaon, Chennai, Pune, Kolkata, and Hyderabad.
We are incredibly well funded - we recently announced fundraising from Indian and Global investors that include Y Combinator, Nexus Venture Partners, Glade Brook, and more! We've also built out one of the best startup teams in India, with Senior Executives from Uber, Flipkart, Dream11, and institutions like Stanford, INSEAD, IIM, and IIT.
Engineering @ Zepto
Building for scale, rapid iterative development, and customer-centric product thinking at each step define every day for a Zepto engineer. If building technology that impacts millions, brainstorming with some of the best minds in the country, executing at lightning speed, product-driven thinking, and owning your work from start to finish excites you, then Zepto is the right place for you.
Primary Responsibilities
Review and assess the company and third-party partners on the overall security posture
Oversee vulnerability scanning, testing, and validation and make tool/solution recommendations to the security team
Guides and performs security activities including penetration testing and vulnerability analysis, audits and assessments, code review, static and dynamic testing, and ethical hacking
Implementing code review processes and tooling and being a trusted advisor to the Engineering teams on secure coding practices
Protect the company and its customers by identifying threats to user experience and user data while proposing mitigations and defenses
Plan and execute hardening endpoints, containers, APIs, applications, operating systems (e.g., Linux), and AWS cloud environments
Manage and review perimeter defenses, such as firewalls, WAFs, and IDPS
Participate as a key hands-on member in cybersecurity incident response and recovery activities
What We Are Looking For
Engineers with a computer science background that focus on security
Deep understanding of security fundamentals, including operating systems, networking, virtualization, identity and access management, security countermeasures, threat modeling, and other risk identification techniques
Deep understating of API security and its security posture
Strong understanding of Application Security testing, OAuth frameworks, OWASP top 10, and Penetration Testing
Perform iterative threat and vulnerability assessments and pen tests for re-assessments throughout a product's lifetime
Familiarity using AWS Cloud Services (EC2, S3, SQS, API Gateway, RDS, Lambda, CloudFront, CloudFormation, CloudWatch, Route53, etc.), Docker, K8, etc.
Experience with Firewall, IDS/IPS, WAF (Web Application Firewall) preferred
Strong working knowledge of Linux Operating Systems
Scripting skills (e.g. Python, Go, Shell scripting)
Ability to write fully functional exploits for common vulnerabilities such as simple stack overflow, cross-site scripting, or SQL injection
Worked in a startup environment with high levels of ownership and commitment
Full time