- Build secure CI/CD pipelines by embedding vulnerability scanning, SAST, and DAST, ensuring every release ships fast and safe.
- Partner with engineering and security teams to design cloud-native architectures that are secure by default and resilient at scale.
- Automate the boring stuff, from secrets management and IAM policy enforcement to compliance validation checks, cutting down human error and accelerating delivery.
- Integrate best-in-class security tools (Vault, Prisma, Aqua, Trivy, etc.) into every layer of our infrastructure.
- Take the lead during security incidents, coordinating response across teams and ensuring issues are remediated quickly and effectively.
- Drive a proactive DevSecOps culture by running training, awareness programs, and blameless postmortems that turn incidents into learnings.
- Own compliance readiness (SOC2, ISO 27001, PCI-DSS), working closely with governance and legal to keep us always audit-prepared without slowing down engineering.
- 8-12 years of hands-on and leadership experience in DevSecOps or Cloud Security Engineering within fast-scaling SaaS or eCommerce environments.
- Exposure to AI/LLM security frameworks and modern AI risk models.
- Strong grasp of AppSec and Cloud Security fundamentals, from IAM, WAF, and KMS to CSPM best practices.
- Practical experience with Kubernetes security (RBAC, PodSecurity, NetworkPolicies) and keeping clusters production-hardened.
- Comfortable with threat modelling, incident response, and security compliance frameworks (ISO, SOC2, PCI-DSS).
- Solid coding/scripting skills (Python, Go, Bash, etc.) to automate controls and eliminate repetitive manual work.
- Someone who doesn’t just know the theory but has battle-tested experience in securing systems at scale.
Skills Required
- 8-12 years of hands-on and leadership experience in DevSecOps or Cloud Security Engineering
- Exposure to AI/LLM security frameworks and modern AI risk models
- Strong grasp of AppSec and Cloud Security fundamentals (IAM, WAF, KMS, CSPM)
- Practical experience with Kubernetes security (RBAC, PodSecurity, NetworkPolicies)
- Experience embedding vulnerability scanning, SAST, and DAST into CI/CD pipelines
- Solid coding/scripting skills to automate controls (Python, Go, Bash)
- Experience integrating security tools (Vault, Prisma, Aqua, Trivy)
- Hands-on experience with secrets management and automating IAM policy enforcement
- Comfortable with threat modelling and incident response leadership
- Practical knowledge of compliance frameworks and readiness (SOC2, ISO 27001, PCI-DSS)
What We Do
GoKwik is a data- and technology-led enabler, building a full-stack solution suite for eCommerce and D2C brands to help them unlock business growth. On a mission to democratise the shopping experience, GoKwik enables eCommerce brands to deliver a superlative customer experience across the shopping funnel, thereby boosting conversion rates and revenue growth. It also solves other critical pain points of the industry, such as COD RTO (Return to Origin), and helps brands manage the RTO problem while offering COD as a payment channel. With the recent addition of a third product, KwikChat, GoKwik is solving for low ROIs on marketing campaigns through 30+ WhatsApp use cases such as abandoned cart recovery, click-to-WhatsApp ad campaigns and headless checkout. 1 in 3 shoppers is already shopping on the GoKwik network, which has helped 500+ brands scale their businesses with higher GMV realisation and profit margins. It is helmed by Chirag Taneja (Co-Founder and Chief Executive Officer), Vivek Bajpai (Co-Founder and Chief Technology Officer), and Ankush Talwar (Co-Founder and Chief Data Scientist). GoKwik is backed by investors such as Sequoia Capital, Matrix Partners India, RTP Global and Think Investments. GoKwik's team has deep knowledge of the eCommerce space, with people having previous experience at Flipkart, Razorpay, Swiggy, Myntra, Nykaa, and more.








