Lead Cybersecurity Engineer

Job Description

About Delhivery

We are India's largest fully integrated logistics provider. We aim to build the operating system for commerce through a combination of world-class infrastructure, logistics operations of the highest quality and cutting-edge engineering and technology capabilities. Since its inception in 2011, our team has successfully fulfilled over 2 billion orders across India. We have built a nation-wide network with a presence in every state, servicing over 18,600 pin codes. 24 automated sort centres, 94 gateways, 2880 direct delivery centres, and a team of over 57,000 people make it possible for us to deliver 24 hours a day, 7 days a week, 365 days a year.

Vision

We aim to build the operating system for commerce through a combination of world- class infrastructure, logistics operations of the highest quality, and cutting-edge engineering and technology capabilities.

We're looking for a Lead Cyber Security Engineer who will manage and drive the technical execution of our core cybersecurity programs across our digital ecosystem. In this critical, hands-on role, you'll manage security assessment programs including in-depth Vulnerability Assessment and Penetration Testing (VAPT) of applications, network infrastructure, cloud environments, and APIs. You'll be instrumental in the shift-left security paradigm, assisting in the development and implementation of DevSecOps practices, securing our CI/CD pipelines, and embedding security throughout the SDLC. You'll also manage our proactive defenses through Red Teaming exercises and lead our reactive capabilities via Incident Response and Threat Intelligence.

Roles and Responsibilities

- Lead Security Assessment and VAPT: Own, plan, and execute comprehensive Vulnerability Assessment and Penetration Testing (VAPT) across all key domains: Applications (Web/Mobile), Network Infrastructure, Cloud Environments, and APIs.
- Vendor Management (VAPT, Assessments, & Red Teaming): Manage external security vendors and stakeholders responsible for performing VAPT, security assessments, penetration testing, and Red Teaming exercises, ensuring high-quality execution, scope adherence, and timely delivery of actionable reports.
- Network Penetration Testing: Specifically scope, lead, and conduct advanced network pentesting to identify critical flaws in segmentation, configuration, and architecture.
- Red Teaming: Design and lead periodic Red Teaming and sophisticated attack simulation exercises to test the resilience of our security controls, detection capabilities, and incident response procedures.
- Coordinate with stakeholders to prioritize and drive the remediation of all identified security vulnerabilities, misconfigurations, and flaws.
- Leverage AI, machine learning, and security automation principles to increase program efficiency, standardize processes, and automate repetitive security tasks.
- SDLC Security & DevSecOps: Drive the integration of security controls and automation throughout the Software Development Life Cycle (SDLC), promoting a secure-by-design culture.
- Assist with DevSecOps & CI/CD Security: Directly assist in implementing and improving DevSecOps practices, focusing on securing the CI/CD pipelines and configuration management.
- Implement and manage security tools like SAST, DAST, and IAST, ensuring seamless integration into developer workflows.
- Cloud Security: Drive cloud security initiatives by implementing infrastructure-as-code security, configuration best practices, and compliance frameworks across cloud environments (e.g., AWS, Azure, GCP).
- Incident Response & Threat Intel: Oversee the entire Incident Response (IR) lifecycle, including threat hunting, forensics, mitigation, and post-incident analysis.
- SOC: Oversee the performance of external Security Operations Center (SOC) vendors or MSSPs, ensuring alignment with internal IR processes and effective threat monitoring.
- Continuously enhance the organization's threat landscape understanding by leveraging and operationalizing threat intelligence and managing the external attack surface.
- Vulnerability Management: Own the end-to-end technical vulnerability management program, including scanning, prioritization (leveraging threat intelligence), reporting, and tracking remediation efforts across the infrastructure and application portfolio.

Experience & Skills

- 5+ years of progressive experience in cybersecurity roles, with a proven track record in managing complex security initiatives.
- Minimum of 1-2 years of proven team handling or technical leadership experience mentoring engineers, defining project tasks, and managing team workload.
- Expert-level, hands-on experience managing and executing VAPT for applications, networks, cloud infrastructure, and APIs.
- Deep experience in technical Vulnerability Management, including managing scanning tools, driving prioritization, and tracking remediation at scale.
- Proven experience managing external vendors for critical security services, including VAPT, Security Assessments, SOC, and Red Teaming.
- Proven experience in offensive security, including leading or significantly contributing to Red Teaming or complex adversary emulation exercises.
- Deep understanding and practical experience in implementing DevSecOps principles and securing CI/CD pipelines.
- Strong practical experience with Incident Response and leveraging Threat Intelligence for proactive defense and analysis.
- Experience/knowledge of leveraging AI for security automation and program management.
- Relevant technical certifications like OSCP, GPEN, OSWE, Cloud Security Specialty etc are preferred.
- Excellent communication, technical advisory, and stakeholder management skills.