Head Application Security
Noida, Uttar Pradesh
Technology – Monitoring & Security / On-roll / On-site
About Us:
Paytm is India's leading mobile payments and financial services distribution company. Pioneer of the mobile QR payments revolution in India, Paytm builds technologies that help small businesses with payments and commerce. Paytm’s mission is to serve half a billion Indians and bring them to the mainstream economy with the help of technology.
Key Responsibilities:
Lead and mentor a team of 20+ Application Security Engineers, fostering a culture of technical excellence, ownership, and continuous improvement in secure software development.
Define and drive the enterprise application security strategy, embedding security into all stages of the SDLC and aligning with business objectives.
Oversee comprehensive application vulnerability management, including identification, triage, prioritization, and remediation tracking of vulnerabilities across cloud-native, on-prem, and third-party applications.
Manage and optimize security testing programs (SAST, DAST, SCA, IAST, penetration testing, threat modeling, and code reviews) to ensure risks are detected early and addressed effectively.
Collaborate with Engineering, DevOps, and Cloud teams to integrate AppSec controls into CI/CD pipelines and enforce security guardrails for AWS-hosted applications and microservices.
Provide AWS application security expertise, including IAM best practices, secrets management, container security (EKS/ECS), API security, and securing serverless workloads.
Lead technical response to application-layer incidents, ensuring timely detection, root cause analysis, containment, and remediation, while improving incident playbooks.
Establish and enforce application security standards, policies, and secure coding practices aligned with OWASP, NIST, PCI-DSS, and cloud security benchmarks.
Drive secure coding training and awareness programs for developers and architects, elevating security maturity across product engineering teams.
Stay ahead of evolving application threats, cloud security risks, and DevSecOps practices to continuously strengthen the organization’s AppSec posture.
Provide executive-level reporting and metrics on application risk, vulnerability trends, remediation progress, and overall security maturity to senior leadership and stakeholders.
Required Qualifications:
Bachelor's degree in Computer Science, Information Security, or related field (Master’s preferred).
15+ years of experience in application security, with at least 5 years in a leadership or managerial role.
Proven track record of successfully managing and scaling security engineering teams of 20+ engineers.
Deep expertise in secure coding practices, vulnerability assessments, penetration testing, and threat modeling.
Extensive hands-on experience with modern application security tools (e.g., SAST, DAST, SCA, IAST).
Strong knowledge of web application technologies, cloud platforms (AWS, Azure, GCP), and secure development practices.
Thorough understanding of compliance requirements (e.g., GDPR, HIPAA, SOC 2) and the ability to integrate security measures within legal and regulatory frameworks.
In-depth experience with secure SDLC, CI/CD pipeline integration, and DevSecOps practices.
Excellent communication skills with the ability to articulate complex security concepts to both technical and non-technical stakeholders.
Strong leadership and team-building skills, with a focus on fostering a culture of security excellence.
Desired Skills:
Certifications in application security (e.g., CISSP, OSCP, GWAPT) are highly preferred.
Experience with vulnerability management, threat intelligence, and risk management frameworks.
Familiarity with container security, microservices, and serverless architecture.
Proven ability to influence cross-functional teams to prioritize security in development processes.
Compensation:
If you are the right fit, we believe in creating wealth for you. With an enviable 500 mn+ registered users, 21 mn+ merchants, and the depth of data in our ecosystem, we are in a unique position to democratize credit for deserving consumers & merchants, and we are committed to it. India’s largest digital lending story is brewing here. It’s your opportunity to be a part of the story!