Software Security Engineer

Job Description

About The Team The security team at Meesho is like the Avengers to Meesho's S.H.I.E.L.D. After all, when 5% of Indian households shop with us, it?s important to build resilient systems to manage millions of orders every day. We?ve done this ? with zero downtime! ?? Sounds impossible? Well, that?s the kind of Engineering muscle that has helped Meesho become the e-commerce giant it is today. We value speed over perfection, and see failures as opportunities to become better. We?ve taken steps to inculcate a strong ?Founder?s Mindset? across our engineering teams, making us grow and move fast. We place special emphasis on the continuous growth of each team member - and we do this with regular 1-1s and open communication. As a Security Engineer, you will be part of self-starters who thrive on teamwork and constructive feedback. We know how to party as hard as we work! If we aren?t building unparalleled tech solutions, you can find us debating the plot points of our favorite books and games ? or even gossipping over chai. So, if a day filled with building impactful solutions with a fun team sounds appealing to you, join us. About The Role As a Software Security Engineer , you?ll design, build, and scale internal security automation and tooling that safeguard Meesho?s products and infrastructure. You won?t just use tools - you?ll build them. From developing micro-services that detect vulnerabilities in real-time to automating threat modeling and code scanning, you?ll contribute directly to the codebase that keeps Meesho secure by design.You?ll collaborate deeply with platform, SRE, and product engineers to embed security controls into the SDLC, CI/CD pipelines, and runtime environments - ensuring developers get security feedback as code, not as tickets. What You Will Do 1. Security Tooling & Automation Build internal security tools, pipelines, and integrations for SAST, DAST, SCA, and secrets scanning. Automate repetitive security test cases and workflows using Python, Go, or Node.js. Create APIs and dashboards that expose real-time security telemetry. Integrate with CI/CD (GitHub Actions, Jenkins, ArgoCD) to enforce security gates. 2. Secure Software Development Write production-grade, maintainable code that enhances security posture across repos. Contribute to open-source or internal frameworks for secure code review, dependency risk detection, and compliance automation. Partner with developers to design security libraries and SDKs that make ?secure by default? easy to adopt. 3. Threat Modeling & Design Reviews Drive security architecture reviews and model threats for new features. Translate findings into engineering solutions and automation guardrails. Contribute reusable threat modeling templates or scripts that scale across teams. 4. Application Security Testing Perform and automate web, API, and mobile app security assessments. Develop scripts to correlate findings across scanners, triage false positives, and prioritize remediation. Build one-click validation tools or fuzzers that developers can run locally. 5. Developer Empowerment & Culture Contribute to internal security documentation, workshops, and awareness programs. Champion developer-first security automation - faster fixes, fewer blockers. Continuously identify opportunities to eliminate manual effort via code. What You Will Need Education: B.Tech/M.Tech in Computer Science, Software Engineering, or equivalent technical field. Experience:1-2 years of hands-on experience in software development and application security. Prior experience building security tools, writing automation frameworks, or contributing to DevSecOps initiatives. Technical Skills:Strong coding skills in Python, Java, Go, or Node.js (bonus: React/TypeScript).Solid understanding of web technologies, RESTful APIs, and CI/CD pipelines. Familiarity with security testing tools (e.g., Burp, Nuclei, ZAP, Trivy, Semgrep). Knowledge of AWS/GCP security fundamentals, Docker, and Kubernetes. Experience integrating security checks in GitHub Actions or Jenkins. Core Competencies: Builder mindset - treats security as an engineering problem. Strong debugging and system-design skills. Excellent communication - can explain security trade-offs to developers. Passion for automation, open-source tools, and continuous improvement. Bonus: Experience with security data pipelines, LLM-assisted code review, or AI-driven vulnerability correlation. Contributions to open-source security projects or in-house tooling frameworks.