About Zepto
Zepto is India's fastest-growing startup and the leader in quick-commerce grocery delivery. We're revolutionizing the industry with our groundbreaking platform and lightning-fast delivery promise. As a Senior Application Security Engineer at Zepto, you'll play a crucial role in securing the technology that powers our innovative service.
What You’ll Do
● Conduct thorough penetration testing of our web applications, APIs, and mobile apps to identify vulnerabilities and provide detailed reports with risk analysis.
● Research, develop, and implement cutting-edge security automation solutions using scripting languages like Python to streamline testing processes, enhance coverage, and minimize manual effort.
● Collaborate closely with development teams to provide remediation guidance and ensure timely resolution of security issues within our rapid release cycles.
● Implement DevSecOps best practices and integrate security into our CI/CD pipeline, including SCA, SAST, secrets management, container image scanning, and microservices security.
● Apply threat modeling techniques to proactively identify and mitigate potential vulnerabilities at the design stage of our application architecture.
● Educate developers on secure coding practices, common vulnerabilities, and potential attack vectors to foster a security-focused mindset across the organization.
● Track and manage identified vulnerabilities through the remediation process, providing visibility into our overall security posture.
● Assist with security incident response as needed, contributing to root-cause analysis and swift resolution.
● Engage with stakeholders across different teams and pods, effectively communicating security findings, recommendations, and progress updates.
What You’ll Need
● 2-5 years of experience in application security, penetration testing, or a related field.
● Strong penetration testing skills and expertise in using tools such as Burp Suite, Metasploit, Kali Linux, OWASP ZAP, and mobile security testing tools.
● Hands-on experience with DevSecOps practices and tooling, integrating security into the software development lifecycle.
● Deep understanding of common vulnerability classifications (OWASP Top 10, CWE, etc.), exploit techniques, and secure coding principles.
● Proficiency in scripting languages (e.g., Python) for developing security automation solutions.
● Excellent communication and collaboration abilities, with strong skills in cross-pod communication and stakeholder management.
● Passion for continuous learning and staying up-to-date with the latest trends and techniques in application security.
● Certifications such as OSCP, CRTP, or similar are a plus.
● Experience participating in or winning CTF competitions and having a good bug bounty track record is a plus.
● Familiarity with red teaming methodologies and techniques is advantageous.
What We Offer
● Immense opportunities for learning and growth, tackling diverse security challenges across cutting-edge technologies.
● An open, collaborative environment where your ideas and contributions are valued and encouraged.
● Competitive compensation and benefits package commensurate with your experience and skills.
● The chance to make a significant impact on the security posture of India’s leading quick-commerce platform.
If you’re a passionate and skilled application security professional with a strong background in penetration testing, DevSecOps practices, and security automation, we’d love to hear from you! Apply now and join us in securing the future of grocery delivery at Zepto.