About The Team
The security team at Meesho is like the Avengers to Meesho's S.H.I.E.L.D. After all, when 5% of Indian households shop with us, it’s important to build resilient systems to manage millions of orders every day. We’ve done this – with zero downtime! 😎 Sounds impossible? Well, that’s the kind of Engineering muscle that has helped Meesho become the e-commerce giant it is today. We value speed over perfection, and see failures as opportunities to become better. We’ve taken steps to inculcate a strong ‘Founder’s Mindset’ across our engineering teams, helping us grow and move fast. We place special emphasis on the continuous growth of each team member - and we do this with regular 1-1s and open communication. As a Security Engineer, you will be part of a team of self-starters who thrive on teamwork and constructive feedback. We know how to party as hard as we work! If we aren’t building unparalleled tech solutions, you can find us debating the plot points of our favorite books and games – or even gossiping over chai. So, if a day filled with building impactful solutions with a fun team sounds appealing to you, join us.
About The Role
As a Security Engineer I - Product Security, you’ll contribute to the design and development of internal security automation and tooling that safeguard Meesho’s products and infrastructure. You won’t just use tools - you’ll build them. From developing micro-services that detect vulnerabilities in real-time to automating threat modeling and code scanning, you’ll contribute directly to the codebase that keeps Meesho secure by design. You’ll collaborate deeply with platform, SRE, and product engineers to embed security controls into the SDLC, CI/CD pipelines, and runtime environments - ensuring developers get security feedback as code, not as tickets. This role offers a clear growth path toward Security Engineer II, with increasing ownership of security platform components and security architecture initiatives.
What You Will Do
1. Security Tooling & Automation
Contribute to building internal security tools, pipelines, and integrations for SAST, DAST, SCA, and secrets scanning.
Automate repetitive security test cases and workflows using Python, Go, or Node.js.
Create APIs and dashboards that expose real-time security telemetry.
Integrate with CI/CD (GitHub Actions, Jenkins, ArgoCD) to enforce security gates.
Improve vulnerability detection coverage and reduce manual review overhead through scalable automation.
2. Secure Software Development
Write production-grade, maintainable code that enhances security posture across repos.
Contribute to open-source or internal frameworks for secure code review, dependency risk detection, and compliance automation.
Partner with developers to design security libraries and SDKs that make “secure by default” easy to adopt.
3. Threat Modeling & Design Reviews
Participate in security architecture reviews and model threats for new features.
Support translation of findings into engineering solutions.
Contribute reusable threat modeling templates or scripts that scale across teams.
4. Application Security Testing
Perform and automate web, API, and mobile app security assessments.
Develop scripts to correlate findings across scanners, triage false positives, and prioritize remediation.
Build one-click validation tools or fuzzers that developers can run locally.
5. Developer Empowerment & Culture
Contribute to internal security documentation, workshops, and awareness programs.
Champion developer-first security practices that reduce friction and improve remediation speed.
Continuously identify opportunities to eliminate manual effort via code.
What You Will Need
Education: B.Tech/M.Tech in Computer Science, Software Engineering, or equivalent technical field.
Experience:
1-2 years of hands-on experience in software development and application security.
Prior experience building security tools, writing automation frameworks, or contributing to DevSecOps initiatives.
Technical Skills:
Strong coding proficiency in at least one of Python, Java, Go, or Node.js.
Solid understanding of web technologies, RESTful APIs, and CI/CD pipelines.
Basic understanding of secure coding principles and common vulnerability classes (e.g., OWASP Top 10).