Application Security Engineer

Toronto
Paytm Labs
Full-time
About Paytm Labs:

At Paytm Labs, we build technologies that powers Paytm India, the world's’ fastest growing mobile payments and commerce ecosystem. In addition to, the Paytm Canada app. We use our skills and our biggest asset – data, to make our dent in this universe.
 
We are committed to offering the most transparent, secure, and personalized consumer experience to over 230 million users. We believe that this kind of scale, and the unique problems that it presents attracts curious candidates like yourself.

Job Description:

Are you a passionate engineer who derives purpose in life by protecting the confidentiality and integrity of large-scale consumer-facing systems with your deep understanding of application development and hacker's mindset to detect vulnerabilities and helping teams fix it? If so, then we would like to hear from you.

What It's About:
• Pushing the boundaries of security technology to create defenses for large scale production infrastructure, spanning multiple clouds and impacting millions of customer's daily lives.
• Acting as both a builder and a breaker by creating tools to help engineers write more secure code and performing penetration tests for public and internal applications.
• Conduct manual and automated application security testing and source code auditing for a variety of technologies
• Providing subject matter expertise in architecture, authentication, and systems security. Understanding our full engineering stack, services, and data flow, and owning their security controls.
• Working in a fast pace environment where code change happens at a rapid speed and where it is paramount to control security testing into a continuous deployment/integration flow.
• Performing source-code reviews, code check-ins/audits.
• Implementing and maintaining technologies for security, such as vulnerability testing, logging, monitoring and incident responses.
• Consulting with engineers on planned/current platform and code changes to ensure security is given due consideration during architectural planning and implementation.
• Assist engineering teams in developing additional security tests
• Develop tools to support application security review process
• Stay on top of the latest security research including best practices, threats, trends and vulnerabilities affecting development frameworks used at Paytm.

What You'll Need:
• A passion for security
• Bachelor of computer science, computer engineering or equivalent
• Strong written and verbal communication skills.
• Ability to train other engineers on application security basics.
• Firm grasp of networking protocols and operations. Comfortable with low-level packet sniffing, working knowledge of Kali, Wireshark, Burpsuite, Metasploit, nmap, fiddler, sqlmap, nessus. Knowledge of network attacks, detections, and defenses.
• Must have experience in programming languages and security frameworks such as Python, Ruby, Node.js, Java, Golang, Bash, Spring Security, and Shiro.
• Knowledge of AWS and Cloud Data Security such as EC2, ECS, VPC, VPN, IAM, KMS, Security Groups/Subnets, etc. is required.
• Must have knowledge of theoretical and applied cryptography, key management, and a strong understanding of cryptography algorithms such as RSA, AES, SSL vs TLS, PKI, etc.
• Working knowledge with Vault or KMS is considered an asset.
• Thorough understanding of authentication, authorization, and directory services such as SSO, OAuth, or OpenId.
• Experience in conducting application security reviews for a complex set of technologies
• Experience triaging and validating security vulnerabilities

Experience:
• 3+ years in application security role
• 5+ years in engineer role

Background:
• Bachelor of computer science, computer engineering or equivalent

What We Offer:
• A collaborative, open work environment that fosters ownership, creativity, and urgency.
• Group Health Benefits plan and enrollment right from the day you start working, no waiting period.
• We believe in hard work, fun, innovation, and team building. Every other month, we plan an activity to celebrate that. So far, we've been biking, axe-throwing, bowling, indoor rocking climbing and go-karting (just to name a few).
• Chocolates & Snacks: Our "Chief Chocolate Officer" is in charge of stocking high-quality chocolates for all.
• Ping Pong: A chance to be Paytm Labs table tennis champion!

*Selected candidates will be given a technical challenge*

Paytm Labs is committed to meeting the accessibility needs of all individuals in accordance with the Accessibility for Ontarians with Disabilities Act (AODA) and the Ontario Human Rights Code (OHRC). Should you require accommodations during the recruitment and selection process, please let us know. Paytm Labs is an equal opportunity employer.

We thank all applicants, however, only those selected for an interview will be contacted.