Security Engineer

New Delhi, Delhi, India | Full-time


About WinZO Games
WinZO is India’s largest social gaming platform aiming at building an astronomical tech strong gaming ecosystem in India. WinZO in a short span of time has emerged as the leanest Series C funded gaming startup in the Indian startup ecosystem. WinZO has so far raised over $100MM and handles more than 3.5+ Bn micro transactions monthly, a number which is fast growing. WinZO with a data driven DNA is working towards becoming the one-stop-shop for online gaming users spread across every household in Bharat. With a vision of becoming a household name for Bharat, catering to their entertainment needs through interactive engagements, Paavan Nanda (Co-Founder, WinZO, Zostel & ZO Rooms) and Saumya Singh Rathore (Co-Founder, WinZO, Ex-Chief of Staff & Growth- ZO Rooms, Zostel, Ex-Times Group), are aggressively building the platform to not just capture market opportunities but also explore and maximize potential of social interactions as consumption drivers. Both of them are putting together WinZO piece by piece using tech and data to create a transparent and unique gaming experience for its users.

WinZO, which hosts 100+ games in 12+ languages, has 80% users consuming the app in vernacular languages. WinZO has always yearned to mentor, guide and onboard games to be culturally relevant for Bharat. It also provides opportunities for housewives to translate and earn which empowers them economically. A 150+ members strong team with stellar professionals coming from global tech giants and companies such as Google, Amazon, Flipkart, McKinsey etc., WinZO is funded and backed by global gaming and entertainment investment funds such as Griffin Gaming Partners, Maker’s Fund, Courtside Ventures, Pags Group and Kalaari.

WinZO is continually working towards revolutionizing the gaming ecosystem by creating a complete entertainment package through a slew of interactive features. Speaking of the larger picture the platform is driving unique initiatives that are constantly attempting to nurture and groom developers.

WinZO Values:
Integrity, Excellence Perseverance, Data Orientation, Agility

About the Role:

As a Security Engineer, you help protect network boundaries, data and infrastructure. Provide security services to protect highly sensitive data like passwords and customer information. Security Engineers actively monitor our systems for attacks and intrusions. You also work with software engineers to proactively identify and fix security flaws and vulnerabilities. You understand the user's point of view and are passionate about using your combined technical, analytical, and strategic acumen to protect our users. You will work with Engineers and Product Managers to navigate challenging online safety situations and handle abuse and fraud. You will perform low-level security assessments against hardware, firmware, as well as the Android Operating System (kernel), working to identify vulnerabilities and provide remediation guidance to impacted application developers. You will take care of all aspects of Application, Cloud and Data/ Enterprise Security.

What you will do:

● Set up process, policies, controls and/or standards to meet state-of-the-art security framework and compliances

● Design solutions that enable automatic identification of harmful or unwanted applications and analyze such applications to understand their behavior and impact on the ecosystem

● Perform manual and automated application Vulnerability Assessment & Penetration Testing and manage technical documentation including VAPT/Application Security tracking and reporting

● Partner with cross-functional groups such as Engineering, Policy and Legal to update policies, fix product loopholes, and provide users with a better mobile experience

● Document how high-risk components in Android interact with each other and the OS, and use that information to drive analysis of the OS.

● Provide guidance to feature teams based on our analysis of the coding practices and vulnerabilities found during engagements 

What you should have:

Bachelor's degree in Computer Science, Engineering, related technical field, or equivalent practical experience

● 2+ years of experience in application-level vulnerability testing, code-level security auditing, software reverse engineering, code-level security auditing or Android system security

● Experience reading assembly and understanding of how to unpack obfuscated Code

● Experience with static and dynamic analysis of malicious binaries

● Familiarity with tools such as IDA Pro or OllyDbg or similar

● Experience with building a secure mobile application

● Programing skills with expertise in any one of the following: C/C++/Java/NodeJS/GoLang/Python

● Experience designing and delivering security services at scale

● Good understanding of computer networks, focusing on HTTP, TCP/IP/UDP.

● Experience finding and fixing common security vulnerabilities (e.g., OWASP Top10)

● Excellent written and verbal communication skills to clearly communicate technical concepts with multiple cross-regional and cross-functional stakeholders 

Other Good to have skills:

● Understanding of network designs, topologies, and ideas is required (Firewalls, LB, WAF, CDN, VPC, ACL)

● Solid understanding of security issues in Infrastructure as code, security as code and Compliance as code

● Experience building cloud services and distributed systems. (e.g. AWS)

● Proven track record of developing and executing methods to enable secure and compliant architectures

● Experience with attacker tactics, techniques and procedures

At our core, we’re a creative company. Ideas is where we live, and we love building magical products. It’s not just about features, it’s also about how they make people feel. So, we build at the intersection of the technical and the romantic. And it all starts with people, the right team that cares deeply about our mission, values, and our users. We value diversity. We are an equal opportunity employer: we do not discriminate based on race, colour, religion, gender, ethnicity, or disability status.

Download our app for a better understanding -