Application Security- Lead Security Engineer
About the job
Job Description
As a Lead Security Engineer at Paytm, you'll leverage your 7+ years of experience in application security to drive improvements in Paytm's cloud security posture. Responsibilities include performing security assessments, uncovering vulnerabilities, advising on remediation and automation, and working with engineering teams to mitigate risks. You'll conduct mobile application security assessments (Android & iOS), secure design reviews, threat modeling, and utilize SAST, DAST, DevSecOps, and SCA tools. Experience with vulnerability exploitation and secure source code review is crucial. Proficiency in at least one programming language (Bash, Python, Go, NodeJS) and a good understanding of application architecture and AWS are also required. You will provide training to development teams on secure coding practices. This role demands strong communication and collaboration skills.
Must have:
- 7+ years cybersecurity experience
- In-depth application security knowledge
- Mobile app security assessment (Android & iOS)
- SAST, DAST, DevSecOps, SCA experience
- Vulnerability mitigation strategies
- Secure source code review
- Proficiency in at least one programming language
- AWS cloud platform understanding
- Vulnerability assessment and penetration testing
Good to have:
- High level of drive and initiative
- Ability to work with stakeholders
- Understanding of technology and user experience
- Strong decision-making abilities
Title: Application Security- Lead Security Engineer
About Us:
Paytm is India's leading mobile payments and financial services distribution company. Pioneer of the mobile QR payments revolution in India, Paytm builds technologies that help small businesses with payments and commerce. Paytm’s mission is to serve half a billion Indians and bring them to the mainstream economy with the help of technology
About the team: The fintech revolution in the industry is driving change at an exciting pace - creating an interconnected world. The resulting pervasiveness of cyber brings both new business opportunities, and new cyber threats. Paytm Cyber Security team is on its fast paced journey to fortify the cyber security posture and strengthen the security controls by shifting security left. From securing our crown jewels to strict adherence of regulatory and compliance requirements, our commitment is to make Paytm one of the safest business applications with world class security in place.
About the role: As a Application security professional we expect you to have a solid understanding of multiple cloud platforms and security solutions, industry best practices, business processes or technology designs family. You will own and drive complex cloud security projects and improvements that need independent judgment, in order to improvise the cloud security posture and technological enhancement to meet our security goals. The cloud security engineer will perform cloud/cyber security assessments of our environment to ensure the safety and security of Paytm infrastructure assets by uncovering potential security vulnerabilities and advising on remediation and automation as part of our cloud security maturity program.
Expectations/ Requirements
· Education qualification: Any full-time graduate (Bachelor of Science from an accredited institution)
· 7+ years of Information Security / Cybersecurity experience.
· In-depth knowledge of Application security concepts
. Perform Mobile application security assessment (Android & iOS) (Mandatory)
. Familiarity with Secure Design Review, Threat Modeling, and testing methodologies such as OWASP, SANS.
. Proficiency in SAST, DAST, DevSecOps and SCA vulnerability triage and assessment.
· Ability to flow from black box to grey box to white-box tests.
· Ability to perform Secure source code review (Manual/Automated)
· In-depth knowledge of Vulnerability Mitigation strategies.
· Experience with programming languages such as Bash, Python, Go, nodeJS. At Least one programming language is a Must.
· Good understanding of Application architecture and cloud platforms (AWS)
· Ability to perform vulnerability assessments and penetration testing, utilizing tools- commercial and open source.
· Ability to exploit security flaws and vulnerabilities with attack simulations on multiple application platforms like Android, iOS, and Web
· Ability to effectively work with the engineering/Development teams to provide them understanding of the issues and explain about Technical risk/Impact of the issue and guide them with industry best practices for Mitigating it.
· Providing training for development and engineering teams regarding secure coding practices
· Good communication skills.
Superpowers/ Skills that will help you succeed in this role
● High level of drive, initiative and self-motivation
● Ability to take internal and external stakeholders along
● Understanding of Technology and User Experience
● Love for simplifying
● Growth Mindset
● Willingness to experiment and improve continuously
● Strong decision-making abilities
Why join us
● Because you get an opportunity to make a difference, and have a great time doing that.
● You are challenged and encouraged here to do stuff that is meaningful for you and for those we serve.
● You should work with us if you think seriously about what technology can do for people.
● We are successful, and our successes are rooted in our people collective energy and unwavering focus on the customer, and that's how it will always be.
Compensation:
If you are the right fit, we believe in creating wealth for you. With enviable 500 mn+ registered users, 21 mn+ merchants and depth of data in our ecosystem, we are in a unique position to democratize credit for deserving consumers & merchants – and we are committed to it. India’s largest digital lending story is brewing here. It’s your opportunity to be a part of the story!
View Full Job Description
Add your resume
80%
Upload your resume, increase your shortlisting chances by 80%
Similar Jobs
Intel Corporation, Poland (Hybrid)
Astreya, India (On-Site)
Voodoo, France (Hybrid)
Super, Canada (Remote)
Intel Corporation, United States (On-Site)
PwC, India (On-Site)
PwC, India (On-Site)
ByteDance, United States (On-Site)
Palo Alto Networks, India (On_site)
Saviynt, India (Hybrid)
Get notifed when new similar jobs are uploaded
Similar Skill Jobs
ION, Canada (On-Site)
Eleven Labs, United Kingdom (Remote)
Xactly Corp, India (On-Site)
Eleven Labs, (Remote)
Saviynt, India (Hybrid)
Take-Two Interactive, India (On-Site)
Eleven Labs, United States (Remote)
Playrix, Ukraine (Remote)
PlayStation Global, United States (On-Site)
Fluence, United Kingdom (Remote)
Get notifed when new similar jobs are uploaded
Jobs in Noida, Uttar Pradesh, India
PwC, India (On-Site)
Cadence, India (On-Site)
LSEG (London Stock Exchange Group), India (On-Site)
Vigaet, India (On-Site)
NVIDIA, India (On-Site)
Advitha Tech Solutions, India (Remote)
Miles Education, India (On-Site)
Rockstar Games, India (On-Site)
RENUKA INTERPRISES, India (Hybrid)
Vibrnd, India (On-Site)
Get notifed when new similar jobs are uploaded
Cyber Security Jobs
Microsoft, (On-Site)
PwC, India (On-Site)
Smarsh, United Kingdom (Remote)
Globalization Partners, (Remote)
Infoblox, India (On-Site)
Warner Bros Discovery, United States (Hybrid)
Barbaricum, United States (On-Site)
PwC, India (On-Site)
Dream11, India (On-Site)
Barracuda Networks Inc , India (On-Site)
Get notifed when new similar jobs are uploaded
