Lead Cybersecurity Engineer

About Delhivery

We are India's largest fully integrated logistics provider. We aim to build the operating system for commerce through a combination of world-class infrastructure, logistics operations of the highest quality and cutting-edge engineering and technology capabilities. Since its inception in 2011, our team has successfully fulfilled over 2 billion orders across India. We have built a nation-wide network with a presence in every state, servicing over 18,600 pin codes. 24 automated sort centres, 94 gateways, 2880 direct delivery centres, and a team of over 57,000 people make it possible for us to deliver 24 hours a day, 7 days a week, 365 days a year.

Vision

We aim to build the operating system for commerce through a combination of world- class infrastructure, logistics operations of the highest quality, and cutting-edge engineering and technology capabilities.

We're looking for a Lead Cyber Security Engineer who will manage and drive the technical execution of our core cybersecurity programs across our digital ecosystem. In this critical, hands-on role, you'll manage security assessment programs including in-depth Vulnerability Assessment and Penetration Testing (VAPT) of applications, network infrastructure, cloud environments, and APIs. You'll be instrumental in the shift-left security paradigm, assisting in the development and implementation of DevSecOps practices, securing our CI/CD pipelines, and embedding security throughout the SDLC. You'll also manage our proactive defenses through Red Teaming exercises and lead our reactive capabilities via Incident Response and Threat Intelligence.

Roles and Responsibilities

• Lead Security Assessment and VAPT:
  Own, plan, and execute comprehensive Vulnerability Assessment and Penetration Testing (VAPT) across all key domains: Applications (Web/Mobile), Network Infrastructure, Cloud Environments, and APIs.
• Vendor Management (VAPT, Assessments, & Red Teaming):
  Manage external security vendors and stakeholders responsible for performing VAPT, security assessments, penetration testing, and Red Teaming exercises, ensuring high-quality execution, scope adherence, and timely delivery of actionable reports.
• Network Penetration Testing:
  Specifically scope, lead, and conduct advanced network pentesting to identify critical flaws in segmentation, configuration, and architecture.
• Red Teaming:
  Design and lead periodic Red Teaming and sophisticated attack simulation exercises to test the resilience of our security controls, detection capabilities, and incident response procedures.
• Coordinate with stakeholders to prioritize and drive the remediation of all identified security vulnerabilities, misconfigurations, and flaws.
• Leverage AI, machine learning, and security automation principles to increase program efficiency, standardize processes, and automate repetitive security tasks.
• SDLC Security & DevSecOps:
  Drive the integration of security controls and automation throughout the Software Development Life Cycle (SDLC), promoting a secure-by-design culture.
• Assist with DevSecOps & CI/CD Security:
  Directly assist in implementing and improving DevSecOps practices, focusing on securing the CI/CD pipelines and configuration management.
• Implement and manage security tools like SAST, DAST, and IAST, ensuring seamless integration into developer workflows.
• Cloud Security:
  Drive cloud security initiatives by implementing infrastructure-as-code security, configuration best practices, and compliance frameworks across cloud environments (e.g., AWS, Azure, GCP).
• Incident Response & Threat Intel:
  Oversee the entire Incident Response (IR) lifecycle, including threat hunting, forensics, mitigation, and post-incident analysis.
• SOC:
  Oversee the performance of external Security Operations Center (SOC) vendors or MSSPs, ensuring alignment with internal IR processes and effective threat monitoring.
• Continuously enhance the organization's threat landscape understanding by leveraging and operationalizing threat intelligence and managing the external attack surface.
• Vulnerability Management:
  Own the end-to-end technical vulnerability management program, including scanning, prioritization (leveraging threat intelligence), reporting, and tracking remediation efforts across the infrastructure and application portfolio.

Experience & Skills

• 5+ years of progressive experience in cybersecurity roles, with a proven track record in managing complex security initiatives.
• Minimum of 1-2 years of proven team handling or technical leadership experience mentoring engineers, defining project tasks, and managing team workload.
• Expert-level, hands-on experience managing and executing VAPT for applications, networks, cloud infrastructure, and APIs.
• Deep experience in technical Vulnerability Management, including managing scanning tools, driving prioritization, and tracking remediation at scale.
• Proven experience managing external vendors for critical security services, including VAPT, Security Assessments, SOC, and Red Teaming.
• Proven experience in offensive security, including leading or significantly contributing to Red Teaming or complex adversary emulation exercises.
• Deep understanding and practical experience in implementing DevSecOps principles and securing CI/CD pipelines.
• Strong practical experience with Incident Response and leveraging Threat Intelligence for proactive defense and analysis.
• Experience/knowledge of leveraging AI for security automation and program management.
• Relevant technical certifications like OSCP, GPEN, OSWE, Cloud Security Specialty etc are preferred.
• Excellent communication, technical advisory, and stakeholder management skills.