Application Security Engineer

Job Description : Product Security Engineer

Team : Cybersecurity

Location : Bangalore, India

About Zepto

Zepto is revolutionizing e-commerce in India. As the country's fastest-growing quick-commerce company, we deliver groceries and essentials in 10 minutes flat. This speed is not just a promise; it's the result of a complex, high-throughput technology and operations backbone that operates at an unprecedented scale.

Our environment is defined by rapid innovation, immense scale, and the challenge of solving complex problems that have never been solved before. We are building the future of commerce, and we need brilliant minds to help us build it securely.

About the Team & The Role

The Cybersecurity team at Zepto is a core part of the engineering organization. Our mission is to secure our products, platforms, and customers by embedding security into the DNA of everything we build. We aren't just a compliance function or a team that finds vulnerabilities; we are builders and problem-solvers who create foundational security solutions that allow Zepto to scale safely.

We are looking for a Product Security Engineer who thinks like an engineer first and a security expert second. This is not a traditional pentesting role. You will not just be breaking things—you will be building the tools, systems, and processes to prevent them from breaking in the first place. You will be a trusted security partner to our product and engineering teams, shaping the future of our architecture and enabling developers to ship secure code at lightning speed.

What You’ll Do (Responsibilities)

As a Product Security Engineer, you will :

• Design & Architect : Act as a security subject matter expert for engineering and product teams. Conduct in-depth architecture reviews, threat modeling, and design reviews for new features and services.
• Automate Everything : Build and implement automated security solutions within our CI / CD pipelines (DevSecOps). You will be responsible for our SAST, DAST, SCA, and secret scanning infrastructure, focusing on reducing noise and providing actionable, high-fidelity alerts to developers.
• Build Security Tooling : Identify gaps in our security posture and build custom tools and platforms to solve them. Whether it’s a framework for secure service-to-service communication or a platform for managing secrets, you will own the solution from concept to production.
• Secure Code & Dependencies : Perform deep-dive manual and automated code reviews to identify complex security flaws. Drive our Software Composition Analysis (SCA) and secret management strategies, ensuring best practices are followed across the organization.
• Lead Security Initiatives : Own and drive large-scale security initiatives across the company, such as implementing a new authentication service, rolling out a web application firewall, or hardening our cloud infrastructure.
• Share Knowledge & Innovate : Mentor engineers on secure coding practices, write technical blog posts about the novel problems you're solving, present your work at conferences, and contribute back to the open-source community.

What We’re Looking For (Qualifications)

Why Join Us?

If you are an engineer who is passionate about security and wants to build resilient, scalable systems in a hyper-growth environment, we would love to hear from you.