Security Engineer II

Bengaluru, Karnataka

About the Team 
The security team at Meesho is like the Avengers to Meesho's S.H.I.E.L.D. After all, when 5% of Indian households shop with us, it’s important to build resilient systems to manage millions of orders every day. We’ve done this – with zero downtime! 😎 Sounds impossible? Well, that’s the kind of Engineering muscle that has helped Meesho become the e-commerce giant it is today. We value speed over perfection, and see failures as opportunities to become better.
We’ve taken steps to inculcate a strong ‘Founder’s Mindset’ across our engineering teams, making us grow and move fast. We place special emphasis on the continuous growth of each team member - and we do this with regular 1-1s and open communication. As a Security Engineer, you will be part of self-starters who thrive on teamwork and constructive feedback. We know how to party as hard as we work! If we aren’t building unparalleled tech solutions, you can find us debating the plot points of our favorite books and games – or even gossiping over chai. So, if a day filled with building impactful solutions with a fun team sounds appealing to you, join us.
About the Role 
As our Security Engineer II, your primary focus will be on enhancing the security of Meesho's products and services, with particular attention to mobile security, red teaming, and threat modeling. You'll conduct thorough threat modeling exercises and actively participate in red teaming simulations to identify vulnerabilities and assess our security defenses. Leveraging your expertise in web, API, and mobile application security, you'll provide actionable recommendations to mitigate risks effectively. Clear communication of complex security threats and solutions to stakeholders will be essential in driving security improvements. Your dedication to excellence will ensure the robust protection of Meesho's assets and the successful delivery of projects with heightened security measures.

What you will do

  • Conduct comprehensive security assessments of iOS and Android mobile applications using the OWASP MASVS framework to uncover vulnerabilities.
  • Utilize static and dynamic analysis techniques to identify security vulnerabilities like insecure data storage, inadequate cryptography, flawed session management, insecure communication channels, etc.
  • Collaborate closely with the development teams to embed security best practices into the software development lifecycle (SDLC).
  • Plan, coordinate, and execute red team exercises to simulate real-world cyber attacks and assess the effectiveness of our organization's security defenses.
  • Develop and implement sophisticated attack scenarios, tactics, and techniques to identify weaknesses in our security controls and incident response capabilities.
  • Provide actionable recommendations and remediation strategies based on red team findings to enhance the organization's overall security posture.
  • Lead threat modeling sessions to outline potential security threats, provide key security insights, integrate threat modeling feedback into product design, use industry-standard tools for risk assessment and mitigation, and collaborate with cross-functional teams to address security concerns throughout the SDLC.
  • Execute thorough security assessments of Web and API endpoints to identify vulnerabilities, evaluate the effectiveness of security controls (authentication, authorization, input validation, encryption, session management, etc.), apply industry-standard frameworks (OWASP Top 10, API Security Top 10, NIST), and foster a robust security culture through training and awareness initiatives.

What you will need

Educational Qualification:

  • Bachelor's or Master's degree in Computer Science, Information Security, or related field.

Work Experience:

  • Minimum 3-5 years of experience in cybersecurity roles, with a focus on mobile security, threat modeling, red teaming.

Technical Skills:

  • Strong understanding of mobile application security principles, best practices, and common attack vectors.
  • Experience with threat modeling methodologies and tools.
  • Hands-on experience planning and executing red team exercises, including attack simulation, reconnaissance, and post-exploitation activities.

Core Competencies:

  • Strong analytical and problem-solving abilities.
  • Exceptional communication skills for effective cross-functional collaboration.
  • Demonstrated experience in conducting SAST and DAST of Android and iOS applications.
  • Familiarity with tools like Frida, Objection, ADB, Drozer, and MobSF, etc.
  • Proven track record in planning, coordinating, and executing red team exercises.
  • Proven experience in conducting and leading threat modeling exercises.
  • Solid understanding of threat modeling methodologies and tools.
  • Strong expertise in conducting thorough security assessments of web and API endpoints.
  • Familiarity with CI/CD tools, security automation processes, and tools integration.


Tags: Android APIs Application security Automation CI/CD Computer Science Cryptography DAST E-commerce Encryption Incident response iOS Mobile security NIST OWASP Red team Risk assessment SAST SDLC Security assessment Vulnerabilities

Perks/benefits: Team events

Region: Asia/Pacific
Country: India