Manager - Application & Product Security

1 Month ago • 12-18 Years • Product Management

Job Summary

Job Description

Zeta is a Next-Gen Banking Tech company seeking an Application Security Manager to join their Risk & Compliance team. This role involves safeguarding all mobile, web applications, and APIs by identifying vulnerabilities through testing and ethical hacking, and educating developers on resolutions. The primary goal is to ensure the security of Zeta's applications and platforms. Responsibilities include participating in design reviews and threat modeling, ensuring secure application development, managing project scope for security initiatives, driving internal adoption, acting as a security engineering expert, leading hiring and mentoring for the security team, assessing security tools, liaising with stakeholders, managing the bug bounty program, and owning the security posture of applications. The ideal candidate will have hands-on experience in Vulnerability Assessment and Penetration Testing across various environments, a deep understanding of OWASP Top 10, secure SDLC activities, threat modeling, secure coding practices, and experience with various security tools. Proficiency in cloud infrastructure and scripting languages is also required.
Must have:
  • Vulnerability Assessment & Penetration Testing
  • OWASP Top 10 understanding
  • Secure SDLC & Threat Modeling
  • Secure Coding practices
  • Experience with security tools (Burp Suite, AppScan, etc.)
  • Business logic vulnerability expertise
  • Cryptography and TLS knowledge
  • AuthN/AuthZ frameworks (OIDC, OAuth, SAML)
  • Static Analysis & Code Reviews
  • Mobile app reverse engineering
  • Cloud infrastructure security (AWS, Azure)
  • Scripting (Python, Ruby)
  • PA-DSS, PCI DSS, NIST familiarity
  • Java frameworks (Spring Boot), CI/CD
  • Agile development practices
Good to have:
  • Development background
  • Fintech sector experience
  • OSCP, OSWE, GWAPT, AWAE certifications
  • AWS Certified Security Specialist
  • CompTIA Security+
Perks:
  • Growth opportunities
  • Chasing disruptive goals
  • Adventurous and exhilarating work environment
  • Work with top industry minds
  • Culture valuing diversity of thoughts
  • Continuous learning and self-improvement

Job Details

About Zeta

Zeta is a Next-Gen Banking Tech company that empowers banks and fintechs to launch banking products for the future. It was founded by Bhavin Turakhia and Ramki Gaddipati in 2015. Our flagship processing platform - Zeta Tachyon - is the industry’s first modern, cloud-native, and fully API-enabled stack that brings together issuance, processing, lending, core banking, fraud & risk, and many more capabilities as a single-vendor stack. 15M+ cards have been issued on our platform globally. Zeta is actively working with the largest Banks and Fintechs in multiple global markets transforming customer experience for multi-million card portfolios. Zeta has over 1700+ employees - with over 70% roles in R&D - across locations in the US, EMEA, and Asia. We raised $280 million at a $1.5 billion valuation from Softbank, Mastercard, and other investors in 2021. Learn more @ www.zeta.tech, careers.zeta.tech, Linkedin, Twitter


The Role

As part of the Risk & Compliance team within the Engineering division at Zeta, the Application Security Manager is tasked with safeguarding all mobile, web applications, and APIs. This involves identifying vulnerabilities through testing and ethical hacking, while also educating developers and DevOps teams on how to resolve them. Your primary goal will be to ensure the security of Zeta's applications and platforms. As a manager, you'll be responsible for securing all of Zeta’s products. In this individual contributor role, you will report directly to the Chief Information Security Officer (CISO).
 
The role involves ensuring the security of web and mobile applications, APIs, and infrastructure by conducting regular VAPT. It requires providing expert guidance to developers on how to address and fix security vulnerabilities, along with performing code reviews to identify potential security issues. The role also includes actively participating in application design discussions to ensure security is integrated from the beginning and leading Threat Modeling exercises to identify potential threats. Additionally, the profile focuses on developing and promoting secure coding practices, educating developers and QA engineers on security standards for secure coding, data handling, network security, and encryption. The role also entails evaluating and integrating security testing tools like SAST, DAST, and SCA into the CI/CD pipeline to enhance continuous security integration. 

Responsibilities
  • Guide Security and Privacy Initiatives: Actively participate in design reviews and threat modeling sessions to help shape the security and privacy approach for technology projects, ensuring security is embedded at all stages of application development. 
  • Ensure Secure Application Development: Collaborate with developers and product managers to ensure that applications are securely developed, hardened, and aligned with industry best practices. 
  • Project Scope Management: Define the scope for security initiatives, ensuring continuous adherence throughout each project phase, from initiation to sustenance/maintenance. 
  • Drive Internal Adoption and Visibility: Ensure that security projects are well-understood and adopted by internal stakeholders, fostering a culture of security awareness within the organization. 
  • Security Engineering Expertise: Serve as a technical expert and security champion within Zeta, providing guidance and expertise on security best practices across the organization. 
  • Team Leadership and Development:
      • Make decisions on hiring and lead the hiring process to build a skilled security team.
      • Define and drive improvements in the hiring process to attract top security talent.
      • Mentor and guide developers and QA teams on secure coding practices and security awareness.
  • Security Tool and Gap Assessment: Continuously assess and recommend tools to address gaps in application security, ensuring the team is equipped with the best resources to identify and address vulnerabilities. 
  • Stakeholder Liaison: Collaborate with both internal and external stakeholders to ensure alignment on security requirements and deliverables, acting as the main point of contact for all security-related matters within the team. 
  • Bug Bounty Program Management: Evaluate and triage security bugs reported through the Bug Bounty program, working with relevant teams to address and resolve issues effectively. 
  • Own Security Posture: Take ownership of the security posture of various applications across the business units, ensuring that security best practices are consistently applied and maintained.

Skills
  • Hands-on experience in Vulnerability Assessment (VA) and Penetration Testing (PT) across web, mobile, API, and network/Infra environments. 
  • Deep understanding of the OWASP Top 10 and their respective attack and defense mechanisms. 
  • Strong exposure to Secure SDLC activities, Threat Modeling, and Secure Coding practices. 
  • Experience with both commercial and open-source security tools, including Burp Suite, AppScan, OWASP ZAP, BeEF, Metasploit, Qualys, Nipper, Nessus and Snyk.
  • Expertise in identifying and exploiting business logic vulnerabilities
  • Solid understanding of cryptography, PKI-based systems, and TLS protocols. 
  • Proficiency in various AuthN/AuthZ frameworks (OIDC, OAuth, SAML) and the ability to read, write, and understand Java code. 
  • Experience with Static Analysis and Code Reviews using tools like Snyk, Fortify, Veracode, Checkmarx, and SonarQube.
  • Hands-on experience in reverse engineering mobile apps and using tools like Dex2jar, ADB, Drozer, Clang, iMAS, and Frida/Objection for dynamic instrumentation. 
  • Experience conducting penetration tests and security assessments on internal/external networks, Windows/Linux environments, and cloud infrastructure (primarily AWS). 
  • Ability to identify and exploit security vulnerabilities and misconfigurations in Windows and Linux servers
  • Proficiency in shell scripting and automating tasks with tools such as Python or Ruby
  • Familiarity with PA-DSS, PCI SSF (S3, SSLC), and other security standards like PCI DSS, DPSC, ASVS and NIST
  • Understanding of Java frameworks like Spring Boot, CI/CD processes, and tools like Jenkins & Bitrise. 
  • In-depth knowledge of cloud infrastructure (AWS, Azure), including VPC/VNet, S3 buckets, IAM, Security Groups, blob stores, Load Balancers, Docker containers, and Kubernetes.
  • Solid understanding of agile development practices. 
  • Active participation in bug bounty programs (HackerOne, Bugcrowd, etc.) and experience with hackathons and Capture the Flag (CTF) competitions.
  • Knowledge of AWS/Azure services, including network configuration and security management. 
  • Experience with databases (PostgreSQL, Redshift, MySQL) and other data storage solutions like Elasticsearch and S3 buckets
  • Preferred Certifications: OSCP, OSWE, GWAPT, AWAE, AWS Certified Security Specialist, CompTIA Security+ 

Experience and Qualifications
  • 12 to 18 years of overall experience in application security, with a strong background in identifying and mitigating vulnerabilities in software applications. 
  • A background in development and experience in the fintech sector is a plus. 
  • Bachelor of Technology (BE/B.Tech), M.Tech, or ME in Computer Science or an equivalent degree from an Engineering college/University.

Life At Zeta

At Zeta, we want you to grow to be the best version of yourself by unlocking the great potential that lies within you. This is why our core philosophy is ‘People Must Grow.’ We recognize your aspirations; act as enablers by bringing you the right opportunities, and let you grow as you chase disruptive goals. 

#LifeAtZeta is adventurous and exhilarating at the same time. You get to work with some of the best minds in the industry and experience a culture that values the diversity of thoughts. If you want to push boundaries, learn continuously and grow to be the best version of yourself, Zeta is the place to be!

Zeta is an equal opportunity employer.  

At Zeta, we are committed to equal employment opportunities regardless of job history, disability, gender identity, religion, race, marital/parental status, or another special status. We are proud to be an equitable workplace that welcomes individuals from all walks of life if they fit the roles and responsibilities.
