Title: Application Security- Lead Security Engineer About Us: Paytm is India's leading mobile payments and financial services distribution company. Pioneer of the mobile QR payments revolution in India, Paytm builds technologies that help small businesses with payments and commerce. Paytm’s mission is to serve half a billion Indians and bring them to the mainstream economy with the help of technology About the team: The fintech revolution in the industry is driving change at an exciting pace - creating an interconnected world. The resulting pervasiveness of cyber brings both new business opportunities, and new cyber threats. Paytm Cyber Security team is on its fast paced journey to fortify the cyber security posture and strengthen the security controls by shifting security left. From securing our crown jewels to strict adherence of regulatory and compliance requirements, our commitment is to make Paytm one of the safest business applications with world class security in place. About the role: As a Application security professional we expect you to have a solid understanding of multiple cloud platforms and security solutions, industry best practices, business processes or technology designs family. You will own and drive complex cloud security projects and improvements that need independent judgment, in order to improvise the cloud security posture and technological enhancement to meet our security goals. The cloud security engineer will perform cloud/cyber security assessments of our environment to ensure the safety and security of Paytm infrastructure assets by uncovering potential security vulnerabilities and advising on remediation and automation as part of our cloud security maturity program. Expectations/ Requirements· Education qualification: Any full-time graduate (Bachelor of Science from an accredited institution)· 7+ years of Information Security / Cybersecurity experience.· In-depth knowledge of Application security concepts. Perform Mobile application security assessment (Android & iOS) (Mandatory). Familiarity with Secure Design Review, Threat Modeling, and testing methodologies such as OWASP, SANS.. Proficiency in SAST, DAST,
DevSecOps and SCA vulnerability triage and assessment.· Ability to flow from black box to grey box to white-box tests.· Ability to perform Secure source code review (Manual/Automated)· In-depth knowledge of Vulnerability Mitigation strategies.· Experience with programming languages such as
Bash, Python, Go, nodeJS. At Least one programming language is a Must.· Good understanding of Application architecture and cloud platforms (AWS)· Ability to perform vulnerability assessments and penetration testing, utilizing tools- commercial and open source.· Ability to exploit security flaws and vulnerabilities with attack simulations on multiple application platforms like Android, iOS, and Web· Ability to effectively work with the engineering/Development teams to provide them understanding of the issues and explain about Technical risk/Impact of the issue and guide them with industry best practices for Mitigating it.· Providing training for development and engineering teams regarding secure coding practices· Good communication skills. Superpowers/ Skills that will help you succeed in this role ● High level of drive, initiative and self-motivation● Ability to take internal and external stakeholders along ● Understanding of Technology and User Experience ● Love for simplifying ● Growth Mindset● Willingness to experiment and improve continuously● Strong decision-making abilities Why join us ● Because you get an opportunity to make a difference, and have a great time doing that.● You are challenged and encouraged here to do stuff that is meaningful for you and for those we serve.● You should work with us if you think seriously about what technology can do for people.● We are successful, and our successes are rooted in our people collective energy and unwavering focus on the customer, and that's how it will always be. Compensation: If you are the right fit, we believe in creating wealth for you. With enviable 500 mn+ registered users, 21 mn+ merchants and depth of data in our ecosystem, we are in a unique position to democratize credit for deserving consumers & merchants – and we are committed to it. India’s largest digital lending story is brewing here. It’s your opportunity to be a part of the story!