Lead Security Engineer

Our Story

Zepto is a fast-growing startup that delivers groceries in 10 minutes flat through an optimized network of dark stores that we're building across the country! We're scaling up rapidly across India with operations live across Mumbai, Bangalore, Delhi, Noida, Ghaziabad, Gurgaon, Chennai, Pune, Kolkata, and Hyderabad.

We are incredibly well funded - we recently announced fundraising from Indian and Global investors that include Y Combinator, Nexus Venture Partners, Glade Brook, and more! We've also built out one of the best startup teams in India, with Senior Executives from Uber, Flipkart, Dream11, and institutions like Stanford, INSEAD, IIM, and IIT.

Engineering @ Zepto

Building for scale, rapid iterative development, and customer-centric product thinking at each step define every day for a Zepto engineer. If building technology that impacts millions, brainstorming with some of the best minds in the country, executing at lightning speed, product-driven thinking, and owning your work from start to finish excites you, then Zepto is the right place for you.

Primary Responsibilities

Review and assess the company and third-party partners on the overall security posture

Oversee vulnerability scanning, testing, and validation and make tool/solution recommendations to the security team

Guides and performs security activities including penetration testing and vulnerability analysis, audits and assessments, code review, static and dynamic testing, and ethical hacking

Implementing code review processes and tooling and being a trusted advisor to the Engineering teams on secure coding practices

Protect the company and its customers by identifying threats to user experience and user data while proposing mitigations and defenses

Plan and execute hardening endpoints, containers, APIs, applications, operating systems (e.g., Linux), and AWS cloud environments

Manage and review perimeter defenses, such as firewalls, WAFs, and IDPS

Participate as a key hands-on member in cybersecurity incident response and recovery activities

What We Are Looking For

Engineers with a computer science background that focus on security

Deep understanding of security fundamentals, including operating systems, networking, virtualization, identity and access management, security countermeasures, threat modeling, and other risk identification techniques

Deep understating of API security and its security posture

Strong understanding of Application Security testing, OAuth frameworks, OWASP top 10, and Penetration Testing

Perform iterative threat and vulnerability assessments and pen tests for re-assessments throughout a product's lifetime

Familiarity using AWS Cloud Services (EC2, S3, SQS, API Gateway, RDS, Lambda, CloudFront, CloudFormation, CloudWatch, Route53, etc.), Docker, K8, etc.

Experience with Firewall, IDS/IPS, WAF (Web Application Firewall) preferred

Strong working knowledge of Linux Operating Systems

Scripting skills (e.g. Python, Go, Shell scripting)

Ability to write fully functional exploits for common vulnerabilities such as simple stack overflow, cross-site scripting, or SQL injection

Worked in a startup environment with high levels of ownership and commitment

Full time