Security Engineer II Job in Bangalore at Meesho

Meesho is hiring for the role of Security Engineer II!

Responsibilities of the Candidate:

• Conduct comprehensive security assessments of iOS and Android mobile applications using the OWASP, and MASVS framework to uncover vulnerabilities.
• Utilize static and dynamic analysis techniques to identify security vulnerabilities like insecure data storage, inadequate cryptography, flawed session management, insecure communication channels, etc.
• Collaborate closely with the development teams to embed security best practices into the software development lifecycle (SDLC).
• Plan, coordinate, and execute red team exercises to simulate real-world cyber attacks and assess the effectiveness of our organization's security defenses.
• Develop and implement sophisticated attack scenarios, tactics, and techniques to identify weaknesses in our security controls and incident response capabilities.
• Provide actionable recommendations and remediation strategies based on red team findings to enhance the organization's overall security posture.
• Lead threat modeling sessions to outline potential security threats, provide key security insights, integrate threat modeling feedback into product design, use industry-standard tools for risk assessment and mitigation, and collaborate with cross-functional teams to address security concerns throughout the SDLC.
• Execute thorough security assessments of Web and API endpoints to identify vulnerabilities, evaluate the effectiveness of security controls (authentication, authorization, input validation, encryption, session management, etc), apply industry-standard frameworks (OWASP Top 10, API Security Top 10, NIST), and foster a robust security culture through training and awareness initiatives.

Requirements:

• Bachelor's or Master's degree in Computer Science, Information Security, or related field.
• Minimum 3-5 years of experience in cybersecurity roles, with a focus on mobile security, threat modeling, and red teaming.
• Strong understanding of mobile application security principles, best practices, and common attack vectors.
• Experience with threat modeling methodologies and tools.
• Hands-on experience planning and executing red team exercises, including attack simulation, reconnaissance, and post-exploitation activities.
• Strong analytical and problem-solving abilities.
• Exceptional communication skills for effective cross-functional collaboration.
• Demonstrated experience in conducting SAST and DAST of Android and iOS applications.
• Familiarity with tools like Frida, Objection, ADB, Drozer, MobSF, etc.
• Proven track record in planning, coordinating, and executing red team exercises.
• Proven experience in conducting and leading threat modeling exercises.
• Strong expertise in conducting thorough security assessments of web and API endpoints.
• Familiarity with CI/CD tools, security automation processes, and tools integration.