Paytm

Job Description

We are seeking a highly skilled and motivated Technical Security Professional specializing in Vulnerability Assessment and Penetration Testing (VAPT), Source Code Review, API Security, and Web Application Security. As a member of our team, you will be responsible for ensuring the security and integrity of our systems, applications, and networks.

Responsibilities

• Conduct comprehensive Vulnerability Assessments and Penetration Tests (VAPT) on various systems, networks, and applications to identify security weaknesses and potential vulnerabilities.
• Perform thorough Source Code Reviews to identify security flaws, coding errors, and vulnerabilities in web applications and software products.
• Assess and enhance API security by evaluating API designs, configurations, and

implementations for potential security risks and vulnerabilities.

• Evaluate and enhance the security posture of web applications by conducting thorough security assessments and implementing appropriate security controls.
• Develop and implement security testing methodologies, tools, and procedures to improve the efficiency and effectiveness of security testing activities.
• Provide technical expertise and guidance to development teams, system administrators, and other stakeholders on security best practices and mitigation strategies.
• Collaborate with cross-functional teams to remediate identified security vulnerabilities and implement security controls to mitigate risks.
• Stay updated on the latest security trends, vulnerabilities, and best practices to continuously improve the security posture of our systems and applications.

Requirements:

• Bachelor's degree in Computer Science, Information Security, or a related field. (Master degree preferred)
• 5 to 7 years of experience in conducting Vulnerability Assessments and Penetration Tests (VAPT) on enterprise systems, networks, and applications.
• 4 to 7 years of experience in performing Source Code Reviews for web applications and software products.
• Proficiency in using industry-standard security testing tools such as Nessus, Metasploit, Burp Suite, etc.
• Strong understanding of web application security principles, common vulnerabilities (e.g., OWASP Top 10), and mitigation techniques.
• Experience in assessing and enhancing API security, including authentication, authorization, encryption, and access control mechanisms.
• Knowledge of secure coding practices and common programming languages (e.g., Java, Python, C/C++, etc.).
• Knowledge of cloud security and DevSecOps processes.
• Excellent analytical and problem-solving skills with the ability to identify and mitigate complex security risks and vulnerabilities.
• Strong communication and interpersonal skills with the ability to effectively collaborate with cross-functional teams and stakeholders.
• Relevant security certifications such as CISSP, CEH, OSCP, etc., are preferred.