Lead Cybersecurity Engineer

About Delhivery

We are India's largest fully integrated logistics provider. We aim to build the operating system for commerce through a combination of world-class infrastructure, logistics operations of the highest quality and cutting-edge engineering and technology capabilities. Since its inception in 2011, our team has successfully fulfilled over 2 billion orders across India. We have built a nation-wide network with a presence in every state, servicing over 18,600 pin codes. 24 automated sort centres, 94 gateways, 2880 direct delivery centres, and a team of over 57,000 people make it possible for us to deliver 24 hours a day, 7 days a week, 365 days a year.

Vision

We aim to build the operating system for commerce through a combination of world- class infrastructure, logistics operations of the highest quality, and cutting-edge engineering and technology capabilities.

We're looking for a Lead Cyber Security Engineer who will manage and drive the technical execution of our core cybersecurity programs across our digital ecosystem. In this critical, hands-on role, you'll manage security assessment programs including in-depth Vulnerability Assessment and Penetration Testing (VAPT) of applications, network infrastructure, cloud environments, and APIs. You'll be instrumental in the shift-left security paradigm, assisting in the development and implementation of DevSecOps practices, securing our CI / CD pipelines, and embedding security throughout the SDLC. You'll also manage our proactive defenses through Red Teaming exercises and lead our reactive capabilities via Incident Response and Threat Intelligence.

Roles and Responsibilities

• Lead Security Assessment and VAPT : Own, plan, and execute comprehensive Vulnerability Assessment and Penetration Testing (VAPT) across all key domains : Applications (Web / Mobile), Network Infrastructure, Cloud Environments, and APIs.
• Vendor Management (VAPT, Assessments, & Red Teaming) : Manage external security vendors and stakeholders responsible for performing VAPT, security assessments, penetration testing, and Red Teaming exercises, ensuring high-quality execution, scope adherence, and timely delivery of actionable reports.
• Network Penetration Testing : Specifically scope, lead, and conduct advanced network pentesting to identify critical flaws in segmentation, configuration, and architecture.
• Red Teaming : Design and lead periodic Red Teaming and sophisticated attack simulation exercises to test the resilience of our security controls, detection capabilities, and incident response procedures.
• Coordinate with stakeholders to prioritize and drive the remediation of all identified security vulnerabilities, misconfigurations, and flaws.
• Leverage AI, machine learning, and security automation principles to increase program efficiency, standardize processes, and automate repetitive security tasks.
• SDLC Security & DevSecOps : Drive the integration of security controls and automation throughout the Software Development Life Cycle (SDLC), promoting a secure-by-design culture.
• Assist with DevSecOps & CI / CD Security : Directly assist in implementing and improving DevSecOps practices, focusing on securing the CI / CD pipelines and configuration management.
• Implement and manage security tools like SAST, DAST, and IAST, ensuring seamless integration into developer workflows.
• Cloud Security : Drive cloud security initiatives by implementing infrastructure-as-code security, configuration best practices, and compliance frameworks across cloud environments (e.g., AWS, Azure, GCP).
• Incident Response & Threat Intel : Oversee the entire Incident Response (IR) lifecycle, including threat hunting, forensics, mitigation, and post-incident analysis.
• SOC : Oversee the performance of external Security Operations Center (SOC) vendors or MSSPs, ensuring alignment with internal IR processes and effective threat monitoring.
• Continuously enhance the organization's threat landscape understanding by leveraging and operationalizing threat intelligence and managing the external attack surface.
• Vulnerability Management : Own the end-to-end technical vulnerability management program, including scanning, prioritization (leveraging threat intelligence), reporting, and tracking remediation efforts across the infrastructure and application portfolio.

Experience & Skills

Skills Required

DAST, DevSecOps, Vulnerability Management, SAST, Threat Intelligence, red teaming , security automation , Incident Response