Lead DevSecOps Engineer

Actively Reviewing the Applications

GoKwik

India, Haryana, Gurgaon Full-Time On-site

Posted 2 days ago • Apply by June 4, 2026

Job Description

About GoKwik

GoKwik is a growth operating system designed to power D2C and eCommerce brands from checkout optimisation and reducing return-to-origin (RTO), to payments, retention, and post-purchase engagement. Today, GoKwik enables over 15,000+ merchants worldwide, processes around $2 billion in GMV, and is strengthening its AI-powered infrastructure. Backed by RTP Global, Z47, Peak XV, and Think Investments and bolstered by a $13 million growth round in June 2025 (total funding: $68 million), GoKwik is scaling aggressively across India and the UK.

Why This Role Matters

At GoKwik, Security isn’t a bolt-on, it’s a core part of how we build, ship, and scale. As a Staff Security Engineer, you’ll ensure every layer of our infrastructure and development lifecycle is secure, compliant, and resilient. You’ll work end-to-end with Engineering teams, from design and deployment using agentic platforms to operations and optimisation, embedding security guardrails into CI/CD pipelines, automating IAM and compliance checks, and reducing human error to near zero. You’ll also shape a culture where security is a shared responsibility, not a last-minute review, while staying battle-ready with AI first thinking to lead incident response and drive blameless learning. In short, you’ll own the frameworks and practices that let GoKwik grow fast without ever compromising trust, directly protecting $2B+ GMV and thousands of merchants who rely on us every day.

What You'll Own

Build secure CI/CD pipelines by embedding vulnerability scanning, SAST, and DAST, ensuring every release ships fast and safe.
Partner with engineering and security teams to design cloud-native architectures that are secure by default and resilient at scale.
Automate the boring stuff, from secrets management and IAM policy enforcement to compliance validation checks, cutting down human error and accelerating delivery.
Integrate best-in-class security tools (Vault, Prisma, Aqua, Trivy, etc.) into every layer of our infrastructure
Take the lead during security incidents, coordinating response across teams and ensuring issues are remediated quickly and effectively.
Drive a proactive DevSecOps culture by running training, awareness programs, and blameless postmortems that turn incidents into learnings.
Own compliance readiness (SOC2, ISO 27001, PCI-DSS), working closely with governance and legal to keep us always audit-prepared without slowing down engineering.

Who You Are

8-12 years of hands-on and leading experience in DevSecOps or Cloud Security Engineering within fast-scaling SaaS or eCommerce environments.
Exposure to AI/LLM security frameworks and modern AI risk models.
Strong grasp of AppSec and Cloud Security fundamentals, from IAM, WAF, and KMS to CSPM best practices.
Practical experience with Kubernetes security (RBAC, PodSecurity, NetworkPolicies) and keeping clusters production-hardened.
Comfortable with threat modelling, incident response, and security compliance frameworks (ISO, SOC2, PCI-DSS).
Solid coding/scripting skills (Python, Go, Bash, etc.) to automate controls and eliminate repetitive manual work.
Someone who doesn’t just know the theory but has battle-tested experience in securing systems at scale.

Why GoKwik

At GoKwik, we aren’t just building tools, we’re rewriting the playbook for eCommerce in India. We exist to solve some of the most complex challenges faced by digital-first brands: low conversion rates, high RTO, and poor post-purchase experience. Our checkout and conversion stack powers 500+ leading D2C brands and marketplaces and we’re just getting started.

Required Skills

Application Security Cloud Security