Lead Cyber Security Engineer

Lead Cyber Security Engineer

Job Title: Lead Cyber Security Engineer

Employment Type: Full-time Department/Group: Cyber Security

Location: Gurgaon

About Delhivery

We are India's largest fully integrated logistics provider. We aim to build the operating system for

commerce through a combination of world-class infrastructure, logistics operations of the

highest quality and cutting-edge engineering and technology capabilities. Since its inception in

2011, our team has successfully fulfilled over 2 billion orders across India. We have built a

nation-wide network with a presence in every state, servicing over 18,600 pin codes. 24

automated sort centres, 94 gateways, 2880 direct delivery centres, and a team of over 57,000

people make it possible for us to deliver 24 hours a day, 7 days a week, 365 days a year.

Vision

We aim to build the operating system for commerce through a combination of world- class

infrastructure, logistics operations of the highest quality, and cutting-edge engineering and

technology capabilities.

We're looking for a Lead Cyber Security Engineer who will manage and drive the technical

execution of our core cybersecurity programs across our digital ecosystem. In this critical,

hands-on role, you'll manage security assessment programs including in-depth Vulnerability

Assessment and Penetration Testing (VAPT) of applications, network infrastructure, cloud

environments, and APIs. You'll be instrumental in the shift-left security paradigm, assisting in the

development and implementation of DevSecOps practices, securing our CI/CD pipelines, and

embedding security throughout the SDLC. You'll also manage our proactive defenses through

Red Teaming exercises and lead our reactive capabilities via Incident Response and Threat

Intelligence.

Roles and Responsibilities

● Lead Security Assessment and VAPT: Own, plan, and execute comprehensive

Vulnerability Assessment and Penetration Testing (VAPT) across all key domains:

Applications (Web/Mobile), Network Infrastructure, Cloud Environments, and APIs.

● Vendor Management (VAPT, Assessments, & Red Teaming): Manage external

security vendors and stakeholders responsible for performing VAPT, security

assessments, penetration testing, and Red Teaming exercises, ensuring high-quality

execution, scope adherence, and timely delivery of actionable reports.

● Network Penetration Testing: Specifically scope, lead, and conduct advanced network

pentesting to identify critical flaws in segmentation, configuration, and architecture.

● Red Teaming: Design and lead periodic Red Teaming and sophisticated attack

simulation exercises to test the resilience of our security controls, detection capabilities,

and incident response procedures.

● Coordinate with stakeholders to prioritize and drive the remediation of all identified

security vulnerabilities, misconfigurations, and flaws.

● Leverage AI, machine learning, and security automation principles to increase program

efficiency, standardize processes, and automate repetitive security tasks.

● SDLC Security & DevSecOps: Drive the integration of security controls and automation

throughout the Software Development Life Cycle (SDLC), promoting a secure-by-design

culture.

● Assist with DevSecOps & CI/CD Security: Directly assist in implementing and

improving DevSecOps practices, focusing on securing the CI/CD pipelines and

configuration management.

● Implement and manage security tools like SAST, DAST, and IAST, ensuring seamless

integration into developer workflows.

● Cloud Security: Drive cloud security initiatives by implementing infrastructure-as-code

security, configuration best practices, and compliance frameworks across cloud

environments (e.g., AWS, Azure, GCP).

● Incident Response & Threat Intel: Oversee the entire Incident Response (IR) lifecycle,

including threat hunting, forensics, mitigation, and post-incident analysis.

● SOC: Oversee the performance of external Security Operations Center (SOC) vendors

or MSSPs, ensuring alignment with internal IR processes and effective threat monitoring.

● Continuously enhance the organization's threat landscape understanding by leveraging

and operationalizing threat intelligence and managing the external attack surface.

● Vulnerability Management: Own the end-to-end technical vulnerability management

program, including scanning, prioritization (leveraging threat intelligence), reporting, and

tracking remediation efforts across the infrastructure and application portfolio.

Experience & Skills

● 5+ years of progressive experience in cybersecurity roles, with a proven track record in

managing complex security initiatives.

● Minimum of 1-2 years of proven team handling or technical leadership experience

mentoring engineers, defining project tasks, and managing team workload.

● Expert-level, hands-on experience managing and executing VAPT for applications,

networks, cloud infrastructure, and APIs.

● Deep experience in technical Vulnerability Management, including managing scanning

tools, driving prioritization, and tracking remediation at scale.

● Proven experience managing external vendors for critical security services, including

VAPT, Security Assessments, SOC, and Red Teaming.

● Proven experience in offensive security, including leading or significantly contributing to

Red Teaming or complex adversary emulation exercises.

● Deep understanding and practical experience in implementing DevSecOps principles

and securing CI/CD pipelines.

● Strong practical experience with Incident Response and leveraging Threat Intelligence

for proactive defense and analysis.

● Experience/knowledge of leveraging AI for security automation and program

management.

● Relevant technical certifications like OSCP, GPEN, OSWE, Cloud Security Specialty etc

are preferred.

● Excellent communication, technical advisory, and stakeholder management skills.