Product Security Engineer (App Security)

About PhonePe Group: 

PhonePe is India’s leading digital payments company with 50 crore (500 Million) registered users and 3.7 crore (37 Million) merchants covering over 99% of the postal codes across India. On the back of its leadership in digital payments, PhonePe has expanded into financial services (Insurance, Mutual Funds, Stock Broking, and Lending) as well as adjacent tech-enabled businesses such as Pincode for hyperlocal shopping and Indus App Store which is India's first localized App Store. The PhonePe Group is a portfolio of businesses aligned with the company's vision to offer every Indian an equal opportunity to accelerate their progress by unlocking the flow of money and access to services.

Culture

At PhonePe, we take extra care to make sure you give your best at work, Everyday! And creating the right  environment for you is just one of the things we do. We empower people and trust them to do the right  thing. Here, you own your work from start to finish, right from day one. Being enthusiastic about tech is a  big part of being at PhonePe. If you like building technology that impacts millions, ideating with some of  the best minds in the country and executing on your dreams with purpose and speed, join us!

Job Description – 

We are looking for a skilled Application Security Engineer to strengthen our security posture by proactively identifying and mitigating vulnerabilities across our web applications, APIs, and mobile apps. The ideal candidate will have a strong background in penetration testing, secure code review, and security automation.

Roles & Responsibilities(What will you do):

-Perform penetration testing of web applications, APIs, and mobile apps, providing in-depth vulnerability analysis and remediation guidance.

-Conduct manual and automated secure code reviews, primarily in Java, Python, and JavaScript.

-Develop security automation solutions using Python to streamline testing, improve coverage, and reduce manual effort.

-Work closely with development teams to ensure timely resolution of security issues within fast-paced release cycles.

-Create and maintain threat models, applying threat modeling techniques to proactively identify and mitigate design-level security risks.

-Foster a security-first mindset by educating developers on secure coding practices, common vulnerabilities, and attack vectors while effectively communicating security findings to stakeholders.



What Makes You a Great Fit

-1-5 years of experience in application security, penetration testing, or related fields.

-Strong penetration testing expertise with tools like Burp Suite, OWASP ZAP, semgrep, MobSF, Jadx-GUI and other mobile security testing frameworks.

-Experience integrating security into SDLC and familiarity with DevSecOps tools.

-Proficiency in secure coding principles, OWASP Top 10, CWE, and exploit techniques.

-Strong scripting skills (Python preferred) for security automation.

-Excellent communication and stakeholder management abilities.

-Passion for continuous learning and staying updated on security trends.

-Certifications like OSCP, OSWE, CRTP, or a proven Bug Bounty track record and/or CTF partipation are a plus

PhonePe Full Time Employee Benefits (Not applicable for Intern or Contract Roles)

• Insurance Benefits - Medical Insurance, Critical Illness Insurance, Accidental Insurance, Life Insurance
• Wellness Program - Employee Assistance Program, Onsite Medical Center, Emergency Support System
• Parental Support - Maternity Benefit, Paternity Benefit Program, Adoption Assistance Program, Day-care Support Program
• Mobility Benefits - Relocation benefits, Transfer Support Policy, Travel Policy
• Retirement Benefits - Employee PF Contribution, Flexible PF Contribution, Gratuity, NPS, Leave Encashment 
• Other Benefits - Higher Education Assistance, Car Lease, Salary Advance Policy

Working at PhonePe is a rewarding experience! Great people, a work environment that thrives on creativity, the opportunity to take on roles beyond a defined job description are just some of the reasons you should work with us. Read more about PhonePe on our blog.

Life at PhonePe

PhonePe in the news