Senior Security Engineer - (DevSecOps)

Gurugram, Haryana, India Full-time

About Grofers:

Grofers is a low-price online supermarket that gets products across categories like grocery, beauty & wellness, household care, baby care, pet care and meats & seafood delivered to your doorstep. At Grofers we believe in improving the quality of life of our customers by providing the best products at the best prices. To be able to meet customer expectations and enrich their shopping experience, we provide them with products they best relate with, help them save money on everyday purchases, and give them the spending power they need.

Roles & Responsibilities:

  • Provide subject matter expertise on architecture, authentication, and systems security to development teams.
  • Conduct security reviews, auditing, penetration testing, risk assessments, vulnerability assessments, threat modeling.
  • Perform security assessments of production corporate and cloud infrastructure.
  • Build systems and tools to secure our infrastructure and data.
  • Instrument systems to enable detection of intrusions and abuse.
  • Analyze and understand our network traffic flows and application behavior to detect and hunt down outliers.
  • Build, maintain and manage central security policies for our cloud infrastructure.
  • Build a continuous audit solution to validate systems against central security policies.
  • Drive a DevSecOps culture in the organization by working with engineering and product teams.
  • Lead security awareness and security knowledge sharing with teams to foster a culture of security.

Desired Skills & abilities:

  • B.Tech. / B.E. / B.Sc. / M.Sc. degree in Computer Science or equivalent software engineering degree/experience.
  • 3+ years of Infrastructure and Security experience.
  • A security generalist background with experience on application security, encryption, hardening, cloud security, and compliance.
  • Strong programming experience in one or more languages such as Python, Ruby, Java, Go, Bash, etc. It is important to us that you have worked as a developer before.
  • Web and mobile application security experience with a thorough understanding of web and mobile application vulnerabilities.
  • Experience of securing AWS infrastructure (or any other cloud infrastructure)
  • Experience in systems administration in Linux and familiarity with standard IT security practices (such as encryption, certificates, key management).
  • Some understanding/experience of configuring network and web application firewall.
  • Good understanding of standard networking protocols and components such as HTTP, DNS, TCP/IP, the OSI Model, networking and load balancing.
  • Proficiency with a version control system, preferably Git.
  • Good to have:

             - Experience with Cloud Computing platforms (particularly AWS).
             - Some experience with configuration management tools such as Ansible, Puppet, Chef or Salt.
             - Worked on logging infrastructure and SIEM.
             - Worked on credential/secrets management solution such as HashiCorp Vault.
             - Experience in IPS/IDS Management.
             - Some experience with Docker and Kubernetes
              - Some experience of managing ACLs in databases like Postgres, MySQL, MongoDB.
              - Some experience of setting up security scanning in CI pipelines

 Excited? You will be, once you visit our Engineering Blog where you can deep dive into all the cool stuff that our engineers have been working on.

All candidates interested in exploring the opportunity are requested to apply with us on