Engineering Manager | Security Job in Grofers India Pvt Ltd.

About the role:As an Engineering Manager for the security team, you will be responsible for overall security posture of Grofers IT landscape, providing security expertise to your team and other teams at Grofers, drive a culture of security by building processes and systems, ensure Grofers meets all necessary regulations, work with Grofers leadership in meeting business goals, report on security metrics and build a high performing team - hire, grow, mentor (this is a critical part of this role). You should have a keen desire to make Grofers a safe platform for our customers.
What you will do everyday:

• Manage and build our security team
• Run different kinds of security practices such as application security, vulnerability management, cloud infrastructure security, compliance, etc
• Manage the bug bounty program and timely closure of vulnerabilities
• Define and report on information security metrics to management
• Define the IT security policies, standards and guidelines to meet security goals and regulatory needs
• Take build vs buy decisions - decide when to build and outsource when necessary. Work with vendors to perform security assessments, penetration testing, etc
• Manage and mentor team members - grow individuals on the team, help them achieve their ambitions while keeping them aligned to company goals
• Manage multiple security teams. Hire full time or contract engineers
• Work closely with Grofers tech leadership to get the right security goals prioritized
• Drive a culture of DevSecOps. Promote "Shift Left" philosophy for security
• Invest in building automated systems to reduce the cost of security operations

Skills you need to do the job:

• 7-10 years of prior industry experience
• Relevant engineering work experience and hands-on technical management experience
• Track record in partnering with recruiting to build incredible engineering teams
• Actively coached and mentored team members in their careers
• Actively involved in setting product strategy for internal security products
• Experience as a developer, ideally with Python but any other common language also works
• Pentesting, threat modeling, and architecture review experience
• Shipped several large scale projects with multiple dependencies across teams
• Experience with running internal or external compliance processes. Some experience with relevant security certifications such as ISO27001, SOX, etc
• Experience of working in cloud-native environments. We use AWS and Kubernetes extensively. Relevant experience with at least one is necessary. Experience with any cloud platform like GCP or Azure also works
• Exceptional written and verbal communication skills

• Independently started self-sustaining teams
• Consistently made culture choices that positively impact all of engineering
• Experience with configuration management systems (such as Ansible, Chef, Puppet) or Infrastructure-as-code (Terraform)