Meesho - Security Engineer II - Vulnerability Management (3-5 yrs)

About the Role

As our Security Engineer II, your primary focus will be on enhancing the security of Meeshos products and services, with particular attention to vulnerability assessment, patch management, purple teaming, incident detection and response in cloud environments.

Leveraging your expertise in infrastructure security, you will conduct thorough security assessments across cloud environments and assist in mitigating the identified misconfigurations or vulnerabilities in our systems. Clear communication of complex security threats and solutions to stakeholders will be essential in driving security improvements.

Your dedication to excellence will ensure the robust protection of Meesho's assets and the successful delivery of projects with heightened security measures.

What you will do :

- Conduct security assessments and assist in mitigating the identified misconfigurations or vulnerabilities in the systems.

- Own and manage security tools like CNAPP, SIEM. Reduce false-positives, correctly prioritize the flagged issues and mitigate them.

- Review access controls across cloud environments, mitigate security risks and follow the principle of least privilege.

- Ensure cloud environments comply with ISO-27001:2022, CIS benchmarks and industry standards.

- Perform attack simulation, log analysis, incident detection and response, and create custom detection rules.

- Enhance security aspects of CI/CD pipeline, WAF, OS, container technologies.

- Take new initiatives to enhance the infrastructure security posture of Meesho.

What you will need :

- Bachelors or Masters degree in Computer Science, Information Security, or related field.

- Minimum 3-5 years of experience in cybersecurity roles, with a focus on infrastructure/cloud security.

- Experience with GCP (preferred) or other CSPs.

- Experience with Docker, Kubernetes and OS security hardening aspects.

- Experience with 0-day vulnerability response and deploying security patches.

- Experience with WAF (Akamai, Cloudflare).Experience with managing security tools like CNAPP, SIEM.

- Hands-on experience planning and executing red team exercises, including attack simulation,

reconnaissance and post-exploitation activities.

- Understanding of ISO-27001:2022, CIS benchmarks.

- Experience with performing IAM/access control review and following the principle of least privilege.

- Familiarity with CI/CD tools, security automation processes, and tools integration.

- Strong scripting skills to automate security tasks.

- Experience with Terraform, Jenkins, ArgoCD.CTFs, Bug Bounties, CVEs will be a big plus.

- Strong analytical and problem-solving abilities.

- Exceptional communication skills for effective cross-functional collaboration.