Job Description

Our Story

Zepto is a fast-growing startup that delivers groceries in 10 minutes flat through an optimized network of dark stores that we\'re building across the country! We\xe2\x80\x99re scaling up rapidly across India with operations live across Mumbai, Bangalore, Delhi, Noida, Ghaziabad, Gurgaon, Chennai, Pune, Kolkata, and Hyderabad.

We are incredibly well funded \xe2\x80\x93 we recently announced fundraising from Indian and Global investors that include Y Combinator, Nexus Venture Partners, Glade Brook, and more! We\xe2\x80\x99ve also built out one of the best startup teams in India, with Senior Executives from Uber, Flipkart, Dream11, and institutions like Stanford, INSEAD, IIM, and IIT.

Engineering @ Zepto

Building for scale, rapid iterative development, and customer-centric product thinking at each step define every day for a Zepto engineer. If building technology that impacts millions, brainstorming with some of the best minds in the country, executing at lightning speed, product-driven thinking, and owning your work from start to finish excites you, then Zepto is the right place for you.

Primary Responsibilities

• Review and assess the company and third-party partners on the overall security posture
• Oversee vulnerability scanning, testing, and validation and make tool/solution recommendations to the security team
• Guides and performs security activities including penetration testing and vulnerability analysis, audits and assessments, code review, static and dynamic testing, and ethical hacking
• Implementing code review processes and tooling and being a trusted advisor to the Engineering teams on secure coding practices
• Protect the company and its customers by identifying threats to user experience and user data while proposing mitigations and defenses
• Plan and execute hardening endpoints, containers, APIs, applications, operating systems (e.g., Linux), and AWS cloud environments
• Manage and review perimeter defenses, such as firewalls, WAFs, and IDPS
• Participate as a key hands-on member in cybersecurity incident response and recovery activities

• Engineers with a computer science background that focus on security
• Deep understanding of security fundamentals, including operating systems, networking, virtualization, identity and access management, security countermeasures, threat modeling, and other risk identification techniques
• Deep understating of API security and its security posture
• Strong understanding of Application Security testing, OAuth frameworks, OWASP top 10, and Penetration Testing
• Perform iterative threat and vulnerability assessments and pen tests for re-assessments throughout a product\xe2\x80\x99s lifetime
• Familiarity using AWS Cloud Services (EC2, S3, SQS, API Gateway, RDS, Lambda, CloudFront, CloudFormation, CloudWatch, Route53, etc.), Docker, K8, etc.
• Experience with Firewall, IDS/IPS, WAF (Web Application Firewall) preferred
• Strong working knowledge of Linux Operating Systems
• Scripting skills (e.g. Python, Go, Shell scripting)
• Ability to write fully functional exploits for common vulnerabilities such as simple stack overflow, cross-site scripting, or SQL injection
• Worked in a startup environment with high levels of ownership and commitment

Zwayam