Senior DevSecOps Engineer

Job Description

About GoKwik

GoKwik is a growth operating system designed to power D2C and eCommerce brands from checkout optimisation and reducing return-to-origin (RTO), to payments, retention, and post-purchase engagement. Today, GoKwik enables over 12,000 merchants worldwide, processes around $2 billion in GMV, and is strengthening its AI-powered infrastructure.

Backed by RTP Global, Z47, Peak XV, and Think Investments and bolstered by a $13 million growth round in June 2025 (total funding: $68 million), GoKwik is scaling aggressively across India and the UK.

Why This Role Matters

At GoKwik, security isnt a bolt-on, its a core part of how we build, ship, and scale. As a Senior DevSecOps Engineer, youll ensure every layer of our infrastructure and development lifecycle is secure, compliant, and resilient. Youll work end-to-end with engineering teams, from design and deployment to operations and optimisation, embedding security guardrails into CI/CD pipelines, automating IAM and compliance checks, and reducing human error to near zero. Youll also shape a culture where security is a shared responsibility, not a last-minute review, while staying battle-ready to lead incident response and drive blameless learning. In short, youll own the frameworks and practices that let GoKwik grow fast without ever compromising trust, directly protecting $2B+ GMV and thousands of merchants who rely on us every day.

What You&aposll Own

- Build secure CI/CD pipelines by embedding vulnerability scanning, SAST, and DAST, ensuring every release ships fast and safe
- Partner with engineering and security teams to design cloud-native architectures that are secure by default and resilient at scale
- Automate the boring stuff, from secrets management and IAM policy enforcement to compliance validation checks, cutting down human error and accelerating delivery
- Integrate best-in-class security tools (Vault, Prisma, Aqua, Trivy, etc.) into every layer of our infrastructure
- Take the lead during security incidents, coordinating response across teams and ensuring issues are remediated quickly and effectively
- Drive a proactive DevSecOps culture by running training, awareness programs, and blameless postmortems that turn incidents into learnings
- Own compliance readiness (SOC2, ISO 27001, PCI-DSS), working closely with governance and legal to keep us always audit-prepared without slowing down engineering

Who You Are

- 3 - 7 years of hands-on experience in DevSecOps or Cloud Security Engineering within fast-scaling SaaS or eCommerce environments
- Strong grasp of AppSec and Cloud Security fundamentals, from IAM, WAF, and KMS to CSPM best practices
- Practical experience with Kubernetes security (RBAC, PodSecurity, NetworkPolicies) and keeping clusters production-hardened
- Comfortable with threat modelling, incident response, and security compliance frameworks (ISO, SOC2, PCI-DSS)
- Solid coding/scripting skills (Python, Go, Bash, etc.) to automate controls and eliminate repetitive manual work
- Someone who doesnt just know the theory but has battle-tested experience in securing systems at scale

How You&aposll Thrive At GoKwik

- You embed security into velocity, helping teams move fast without cutting corners
- You believe in a blameless, learning-first culture, where issues are fixed, not hidden
- You take uptime and compliance seriously, 99.99999% is the bar, and you love building guardrails that make it possible
- You stay proactive, spotting and solving risks before they become incidents
- You thrive in a high-trust environment, where ownership is real and security is an enabler, not a blocker

Why GoKwik

At GoKwik, we arent just building tools, were rewriting the playbook for eCommerce in India.

We exist to solve some of the most complex challenges faced by digital-first brands: low conversion rates, high RTO, and poor post-purchase experience. Our checkout and conversion stack powers 500+ leading D2C brands and marketplaces and were just getting started.