
Security Engineer II @ Meesho


 Security Engineer II

Job Description


About the Role

As a Security Engineer 2, you will be a key player in maturing our product security posture. You won't just find vulnerabilities; you'll help us build more secure products from the ground up. Your work will directly protect our customers and the business by focusing on offensive security testing, proactive threat modeling, and embedding security into our development lifecycle and company culture.

What you will do
  • Application Security Testing: Conduct comprehensive security assessments (VAPT) of our web platforms, APIs, network and mobile applications (iOS & Android) to identify and mitigate vulnerabilities.
  • Offensive Security: Plan and execute red team and purple team exercises to simulate real-world attacks, test our defenses, and provide actionable recommendations to improve our security posture.
  • Threat Modeling: Lead threat modeling sessions for new and existing features, collaborating with engineering teams to identify potential threats in the design phase and integrate security requirements into the product lifecycle.
  • DevSecOps & Automation: Enhance our CI/CD pipeline by integrating security tools (SAST, DAST, IAST). Develop and implement hands-on security automation to streamline security processes and improve our detection and response capabilities.
  • Security Culture & Awareness: Drive key security culture initiatives, including managing the Security Champions program, conducting phishing simulations, and delivering developer awareness training sessions.
  • Risk & Compliance: Contribute to compliance and risk management efforts, such as ISO 27001 readiness, third-party risk management (TPRM), and Business Continuity/Business Impact Analysis (BCP/BIA).
  • Security Partnership: Act as a security subject matter expert for developers, providing guidance on secure coding practices, vulnerability remediation, and security best practices through code reviews and consultations.
  • Code Review: Perform manual and automated code reviews to identify security-critical bugs.
  • Bug Bounty: Assist in managing our bug bounty program, including triaging submissions and engaging with security researchers.
What You Will Need
  • Experience: 3-5 years of hands-on experience in a product security or application security role.
  • Education: A Bachelor's or Master's degree in Computer Science, Information Security, or a related field is preferred.
  • Mobile Security Expertise: Strong experience in mobile application security assessments for both Android and iOS. Proficiency with mobile security tools like Frida, Objection, Drozer, MobSF, ADB, etc. Deep understanding of the OWASP MASVS framework and mobile-specific vulnerabilities (insecure webview, insecure deeplink, insecure data storage, flawed cryptography, etc.).
  • Web & API Security Expertise: Proven ability to perform security assessments on web applications and APIs, with a strong understanding of the OWASP Top 10 for both.
  • Experience testing for complex vulnerabilities in authentication, authorization, session management, and business logic.
  • Offensive Security & Threat Modeling: Demonstrated experience planning and executing red team exercises.
  • Proven ability to lead threat modeling sessions and integrate findings into the SDLC.
  • General Skills & Acumen: Strong analytical and problem-solving skills. Excellent communication skills, with the ability to explain complex security issues to both technical and non-technical audiences.
  • Familiarity with DevSecOps principles and CI/CD pipeline security automation.
  • (Bonus Points) Active participation in public or private bug bounty programs is a huge plus.
  • Experience with security awareness initiatives (e.g., Security Champions) and compliance frameworks (e.g., ISO 27001, TPRM) is also highly desirable.

Job Classification

Industry: BPM / BPO
Functional Area / Department: IT & Information Security
Role Category: IT Security
Role: Application Security Engineer
Employment Type: Full time

Contact Details:

Company: Meesho
Location(s): Bengaluru



Keyskills: API Security, Drozer, MobSF, DevSecOps, Threat Modeling, CI/CD pipeline, Web Security, ADB


₹ Not Disclosed


Meesho

Meesho is building a disruptive social distribution channel via social sellers selling on WhatsApp, Facebook and other social channels. Meesho has so far enabled 10,00,000+ social sellers across 500+ towns to start and grow their online business, with tools around sourcing, logistics and ...