Head Application Security

About Us:

Paytm is India's leading mobile payments and financial services distribution company. Pioneer of the mobile QR payments revolution in India, Paytm builds technologies that help small businesses with payments and commerce. Paytm’s mission is to serve half a billion Indians and bring them to the mainstream economy with the help of technology.

Key Responsibilities:

• Lead, mentor, and manage a high-performing team of 20+ Application Security Engineers, promoting a culture of continuous improvement and collaboration.
• Develop and implement a comprehensive application security strategy, identifying, assessing, and mitigating risks across the organization’s software development lifecycle.
• Oversee application security testing, vulnerability assessments, code reviews, and penetration testing efforts to ensure adherence to best security practices throughout the development process.
• Collaborate with cross-functional teams (Engineering, DevOps, Product Management, etc.) to integrate security seamlessly into the product development lifecycle.
• Lead response efforts to application security incidents, ensuring effective detection, containment, and resolution.
• Stay current with the latest security threats, trends, and best practices to continuously improve the team's capabilities and knowledge.
• Establish and enforce application security policies, standards, and guidelines to ensure a consistent approach to security across all applications.
• Drive and execute training programs to elevate the security awareness of development and engineering teams.
• Provide regular security performance reports and risk mitigation updates to senior leadership.

Required Qualifications:

• Bachelor's degree in Computer Science, Information Security, or related field (Master’s preferred).
• 15+ years of experience in application security, with at least 5 years in a leadership or managerial role.
• Proven track record of successfully managing and scaling security engineering teams of 20+ engineers.
• Deep expertise in secure coding practices, vulnerability assessments, penetration testing, and threat modeling.
• Extensive hands-on experience with modern application security tools (e.g., SAST, DAST, SCA, IAST).
• Strong knowledge of web application technologies, cloud platforms (AWS, Azure, GCP), and secure development practices.
• Thorough understanding of compliance requirements (e.g., GDPR, HIPAA, SOC 2) and the ability to integrate security measures within legal and regulatory frameworks.
• In-depth experience with secure SDLC, CI/CD pipeline integration, and DevSecOps practices.
• Excellent communication skills with the ability to articulate complex security concepts to both technical and non-technical stakeholders.
• Strong leadership and team-building skills, with a focus on fostering a culture of security excellence.

Desired Skills:

• Certifications in application security (e.g., CISSP, OSCP, GWAPT) are highly preferred.
• Experience with vulnerability management, threat intelligence, and risk management frameworks.
• Familiarity with container security, microservices, and serverless architecture.
• Proven ability to influence cross-functional teams to prioritize security in development processes.

Compensation

If you are the right fit, we believe in creating wealth for you. With enviable 500 mn+ registered users, 21 mn+ merchants and depth of data in our ecosystem, we are in a unique position to democratize credit for deserving consumers & merchants – and we are committed to it. India’s largest digital lending story is brewing here. It’s your opportunity to be a part of the story!