Head Application Security

Job Description

About Us:
Paytm is India's leading mobile payments and financial services distribution company. Pioneer of the mobile QR payments revolution in India, Paytm builds technologies that help small businesses with payments and commerce. Paytm's mission is to serve half a billion Indians and bring them to the mainstream economy with the help of technology.

Key Responsibilities:
Lead and mentora team of 20+ Application Security Engineers, fostering a culture of technical excellence, ownership, and continuous improvement in secure software development.
Define and drive the enterprise application security strategy, embedding security into all stages of theSDLCand aligning with business objectives.
Oversee comprehensiveapplication vulnerability management, including identification, triage, prioritization, and remediation tracking of vulnerabilities across cloud-native, on-prem, and third-party applications.
Manage and optimize security testing programs (SAST, DAST, SCA, IAST, penetration testing, threat modeling, and code reviews) to ensure risks are detected early and addressed effectively.
Collaborate withEngineering, DevOps, and Cloud teamsto integrateAppSec controls into CI/CD pipelinesand enforce security guardrails for AWS-hosted applications and microservices.
ProvideAWS application security expertise, including IAM best practices, secrets management, container security (EKS/ECS), API security, and securing serverless workloads.
Lead technical response toapplication-layer incidents, ensuring timely detection, root cause analysis, containment, and remediation, while improving incident playbooks.
Establish and enforceapplication security standards, policies, and secure coding practicesaligned withOWASP, NIST, PCI-DSS, and cloud security benchmarks.
Drivesecure coding training and awareness programsfor developers and architects, elevating security maturity across product engineering teams.
Stay ahead of evolvingapplication threats, cloud security risks, and DevSecOps practicesto continuously strengthen the organization's AppSec posture.
Provideexecutive-level reporting and metricson application risk, vulnerability trends, remediation progress, and overall security maturity to senior leadership and stakeholders.

Required Qualifications:
Bachelor's degree in Computer Science, Information Security, or related field (Master's preferred).
15+ years of experience in application security, with at least 5 years in a leadership or managerial role.
Proven track record of successfully managing and scaling security engineering teams of 20+ engineers.
Deep expertise in secure coding practices, vulnerability assessments, penetration testing, and threat modeling.
Extensive hands-on experience with modern application security tools (e.g., SAST, DAST, SCA, IAST).
Strong knowledge of web application technologies, cloud platforms (AWS, Azure, GCP), and secure development practices.
Thorough understanding of compliance requirements (e.g., GDPR, HIPAA, SOC 2) and the ability to integrate security measures within legal and regulatory frameworks.
In-depth experience with secure SDLC, CI/CD pipeline integration, and DevSecOps practices.
Excellent communication skills with the ability to articulate complex security concepts to both technical and non-technical stakeholders.
Strong leadership and team-building skills, with a focus on fostering a culture of security excellence.

Desired Skills:
Certifications in application security (e.g., CISSP, OSCP, GWAPT) are highly preferred.
Experience with vulnerability management, threat intelligence, and risk management frameworks.
Familiarity with container security, microservices, and serverless architecture.
Proven ability to influence cross-functional teams to prioritize security in development processes.

Compensation
If you are the right fit, we believe in creating wealth for you. With enviable 500 mn+ registered users, 21 mn+ merchants and depth of data in our ecosystem, we are in a unique position to democratize credit for deserving consumers & merchants - and we are committed to it. India's largest digital lending story is brewing here. It's your opportunity to be a part of the story

---