Principal Engineer - DevSecOps - Mobile App Development

General Mills

General Mills

Mumbai, Maharashtra, India
Posted on Wednesday, March 8, 2023

Job Description

India is among the top ten priority markets for General Mills, and hosts our Global Shared Services Centre. This is the Global Shared Services arm of General Mills Inc., which supports its operations worldwide. With over 1,300 employees in Mumbai, the center has capabilities in the areas of Supply Chain, Finance, HR, Digital and Technology, Sales Capabilities, Consumer Insights, ITQ (R&D & Quality), and Enterprise Business Services. Learning and capacity-building is a key ingredient of our success.

Shift Timings - Regular

About General Mills
We make food the world loves: 100 brands. In 100 countries. Across six continents. With iconic brands like Cheerios, Pillsbury, Betty Crocker, Nature Valley, and Häagen-Dazs, we’ve been serving up food the world loves for 155 years (and counting). Each of our brands has a unique story to tell.

How we make our food is as important as the food we make. Our values are baked into our legacy and continue to accelerate us into the future as an innovative force for good. General Mills was founded in 1866 when Cadwallader Washburn boldly bought the largest flour mill west of the Mississippi. That pioneering spirit lives on today through our leadership team who upholds a vision of relentless innovation while being a force for good. The awards and recognition we’ve received showcase our commitment to be a force for good:

• World’s Most Admired Companies, Fortune 2022
• America’s Most Responsible Companies, Newsweek 2022
• 100 Best Corporate Citizens, 3BL 2021
• Best Places to Work for LGBTQ Equality, Human Rights Campaign 2022
• 100 Best Companies, Seramount 2021
• Diversity Best Practices Leading Inclusion Index, Seramount 2021
• Best Companies for Dads, Seramount 2021
• Best Companies for Multicultural Women, Seramount 2021
• Top 10 Companies for Executive Women, Seramount 2021
• Military Friendly Employer Bronze, VIQTORY 2021
• Best Place to Work, Canada, Greater Toronto, 2021
• Top 50 – India’s Best Workplaces for Women, 2021
• Top Workplaces in Brazil, 2021
• Asia’s Best Workplaces, 2021

Hungry for What’s Next
We exist to make food the world loves, and it shows. Our passion for people, doing good and creating delicious food has energized us for over 150 years. Breaking away from the pack is how we win, so we need your unique perspectives: your quirks, ‘crazy’ ideas, rigor and insatiable curiosity to make it happen. We want people who constantly experiment, embracing the new and bold, who keep pushing to turn ideas into reality, no matter how big or small. We’ve learned becoming the undisputed leader in food means continuously reshaping, reimagining and rebuilding— that only happens when you surround yourself with those who are hungry for what’s next.

For more details check out www.generalmills.com

General Mills India Centre
General Mills India Center (GIC) operates out of Mumbai and supports the global operations of General Mills. The center was established in 2005 and has grown in strength. Today, we are a vibrant and diverse team of over 1500 employees that come together to champion business services for the various global entities of General Mills in the areas of Business Operations, Analytics Consulting, Logistics, Finance, IT Development & Technology Consulting, Consumer & Market Intelligence, Sales Capabilities, Research & Development.

Digital and Technology team
Digital and Technology is the largest team in GIC, which focuses on understanding the latest and innovative trends in technology and leading the adoption of cutting-edge technologies at General Mills. The team closely collaborates with global business teams to understand business models and assess where technology can be leveraged to bring efficiency and disruption. Be it AI/ML, Data Science, IoT, NLP, Cloud, Infrastructure, RPA and Automation, Digital Transformation, Cyber Security, Blockchain or Enterprise Architecture, GIC Digital and Technology has something for every technology enthusiast who wants to work here. Our Mills Works initiative is where we bring agile@scale delivery model to life. Here, business and technology teams work cohesively in pods as ONE team, driven by a singular mission and focused on delivering value for the Company. Our employees, who work on large technology projects of strategic importance, are the Digital Transformation change agents.

Our service partnerships and employee engagement are centered on advancing equity and strengthening communities. We believe in an inclusive culture and trust in the power of people who have a passion for learning and growing with technology. We believe in “Work with Heart”. Work with Heart is focused on results, not facetime. If you are passionate about the latest in technology and want to make an impact on the digital transformation journey of a Fortune 500 company, we're waiting for you.

Job Overview
Role: Principal Engineer - DevSecOps - Mobile App Development
Location: Mumbai

Role Responsibilities
60 % of Time

• Principal Engineer DevSecOps provides technical leadership and guidance to the Product teams and development pods.
• She/He is an expert in identifying and fixing application vulnerabilities.
• She/He manages the application security program, defines standards, policies, and procedures, code remediation and coordinates with engineering teams to implement and maintain integrated applications .
• Perform security-focused code reviews
• Support and consult with product and development teams for application security, including threat modelling and AppSec reviews
• Play a lead role in developing and designing application-level security controls and standards.
• Partner with Cyber Security to perform application security design reviews against new products and services.
• Track and prioritize all security issues.
• Partner with Cyber Security to build/deploy internal security tools or recommend security tools that help fix security problems at scale.
• Perform code review and drive remediation of discovered security issues.
• Partner with Cyber Security to enable automated security testing at scale to measure vulnerability, and report on risk across all microservice, web and mobile platforms.
• Partner with Cyber Security to execute security tests for web and mobile applications across in-premise and cloud hosting providers.
• Promotes a culture of cyber security awareness that utilizes secure development standards to keep our digital assets safe

25 % of Time

• Technical SME on Application security and DevSecOps, CI/CD
• Learning and enhancing new skills
• Coaching, Mentoring and On-boarding team members
• Process improvements project/team level
• Lead in different initiatives (Knowledge sharing, Reading Groups, Dev Forums, etc.)
• Collaborates with other teams to utilize new features of platform technologies
• Continue to build on communication/soft skills

15 % of Time

• Networks with senior internal and external personnel in own area of expertise
• Advises project managers & analysts on Development impacts/strategies
• Effective project/task estimation
• More strategic conversation, a resource for managers/directors to translate technical discussions

Must - have technical skills and experience
• Strong foundations in backend application development.
• Minimum of 2 years of technical experience with any combination of the following: threat modelling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security.
• Minimum 3-4 years’ experience with applications development using Node.JS and other development frameworks
• Minimum 1 year experience with public/private cloud environments (OpenShift, Rancher, K8s, AWS, GCP, Azure, etc.) , Knowledge on GCP is an advantage.
• Experience in running assessments using OWASP MASVS and ASVS.
• Working knowledge on exploiting and fixing application vulnerabilities.
• Strong background in DevSecOps and setting up CI/CD, knowledge with containers is an added advantage.
• In-depth knowledge of common web application vulnerabilities (i.e., OWASP Top 10).
• Familiarity with automated dynamic scanners, fuzzers, and proxy tools.
• An analytical mind for problem solving, abstract thought, and offensive security tactics.
• Highly effective communication skills, in both verbal and written forms, to effectively convey technical and non-technical concepts to a wide variety of audiences

Mobile related Must Have - JavaScript, Typescript, Node.JS, React.JS
DevOps Must Have - Containers, GIT, Kubernetes, CI/CD Pipeline
Cloud Must Have - GCP

Good to have skills

Application security Must Have - Mobile application security testing frameworks
Database Good to Have - MongoDB
Data / Integration App Good to Have - Big query, SQL , PubSub

Skill proficiency expectations

Expert level

Intermediate Level

Basic Level

· Node.JS


· CI/CD and Containers – Kubernetes

· System design

· Microservices Architecture

· REST API creation

· Cyber security frameworks for Applications

· Application performance optimization

· Big Query / SQL

· MongoDB

Mobile App development



We exist to make food the world loves. But we do more than that. Our company is a place that prioritizes being a force for good, a place to expand learning, explore new perspectives and reimagine new possibilities, every day. We look for people who want to bring their best — bold thinkers with big hearts who challenge one other and grow together. Because becoming the undisputed leader in food means surrounding ourselves with people who are hungry for what’s next.