Security Engineer

Job Description: Product Security Engineer

Team: Cybersecurity

Location: Bangalore, India

About Zepto

Zepto is revolutionizing e-commerce in India. As the country's fastest-growing quick-commerce company, we deliver groceries and essentials in 10 minutes flat. This speed is not just a promise; it's the result of a complex, high-throughput technology and operations backbone that operates at an unprecedented scale.

Our environment is defined by rapid innovation, immense scale, and the challenge of solving complex problems that have never been solved before. We are building the future of commerce, and we need brilliant minds to help us build it securely.

About the Team & The Role

The Cybersecurity team at Zepto is a core part of the engineering organization. Our mission is to secure our products, platforms, and customers by embedding security into the DNA of everything we build. We aren't just a compliance function or a team that finds vulnerabilities; we are builders and problem-solvers who create foundational security solutions that allow Zepto to scale safely.

We are looking for a Product Security Engineer who thinks like an engineer first and a security expert second. This is not a traditional pentesting role. You will not just be breaking things—you will be building the tools, systems, and processes to prevent them from breaking in the first place. You will be a trusted security partner to our product and engineering teams, shaping the future of our architecture and enabling developers to ship secure code at lightning speed.

What You'll Do (Responsibilities)

As a Product Security Engineer, you will:

• Design & Architect: Act as a security subject matter expert for engineering and product teams. Conduct in-depth architecture reviews, threat modeling, and design reviews for new features and services.
• Automate Everything: Build and implement automated security solutions within our CI/CD pipelines (DevSecOps). You will be responsible for our SAST, DAST, SCA, and secret scanning infrastructure, focusing on reducing noise and providing actionable, high-fidelity alerts to developers.
• Build Security Tooling: Identify gaps in our security posture and build custom tools and platforms to solve them. Whether it's a framework for secure service-to-service communication or a platform for managing secrets, you will own the solution from concept to production.
• Secure Code & Dependencies: Perform deep-dive manual and automated code reviews to identify complex security flaws. Drive our Software Composition Analysis (SCA) and secret management strategies, ensuring best practices are followed across the organization.
• Lead Security Initiatives: Own and drive large-scale security initiatives across the company, such as implementing a new authentication service, rolling out a web application firewall, or hardening our cloud infrastructure.
• Share Knowledge & Innovate: Mentor engineers on secure coding practices, write technical blog posts about the novel problems you're solving, present your work at conferences, and contribute back to the open-source community.

What We're Looking For (Qualifications)

• Engineering Mindset: A strong passion for solving complex problems with code. You are proficient in at least one programming language (e.g., Python, Go, Java, JavaScript) and are comfortable building security focused tools.
• Deep Security Expertise: A solid understanding of application security (AppSec) fundamentals. You know the OWASP Top 10 like the back of your hand but, more importantly, you understand the underlying vulnerabilities and how to mitigate them at scale.
• Hands-On Experience: Proven experience in areas like threat modeling, secure code review, and security automation. While you can perform a VAPT, you are more interested in automating the discovery and prevention of those vulnerabilities.
• DevSecOps Acumen: Experience integrating security tools into CI/CD pipelines and a strong belief in shifting security left.
• Excellent Communicator: You can clearly articulate complex security risks to both technical and non-technical audiences and can influence engineering teams without direct authority.
• Ownership & Drive: A proactive and self-driven attitude. You don't wait for tasks; you identify problems and take ownership of the solutions.

Why Join Us?

• Unparalleled Impact: Zepto is growing at an explosive rate. The solutions you build will have a direct and immediate impact on the security of millions of users and will be critical to the company's success.
• Solve for Scale: The challenges we face are unique. You won't be applying off-the-shelf solutions; you will be building for a scale and speed that few companies can match.
• Culture of Engineering: We are a tech-first company that values deep technical expertise. You will be surrounded by a world-class team of engineers to learn from and collaborate with.
• Greenfield Opportunities: Our security function is young and growing. You will have the opportunity to build things from the ground up and shape the future of our security posture.
• Growth & Learning: We encourage our team to be thought leaders. You'll have the support to write blogs, speak at events, and contribute to open-source projects that elevate both your and Zepto's reputation in the security community.

If you are an engineer who is passionate about security and wants to build resilient, scalable systems in a hyper-growth environment, we would love to hear from you.