Risk Analyst (Security Engineering)

Bengaluru

Applications have closed

PhonePe

PhonePe is a Digital Wallet & Online Payment App that allows you to make instant Money Transfers with UPI. Recharge Mobile, DTH, Pay Utility Bills, Buy/Invest in Gold, Mutual Funds, Insurance & much more.

About PhonePe Group: 

PhonePe is India’s leading digital payments company with 50 crore (500 Million) registered users and 3.7 crore (37 Million) merchants covering over 99% of the postal codes across India. On the back of its leadership in digital payments, PhonePe has expanded into financial services (Insurance, Mutual Funds, Stock Broking, and Lending) as well as adjacent tech-enabled businesses such as Pincode for hyperlocal shopping and Indus App Store which is India's first localized App Store. The PhonePe Group is a portfolio of businesses aligned with the company's vision to offer every Indian an equal opportunity to accelerate their progress by unlocking the flow of money and access to services.

Culture

At PhonePe, we take extra care to make sure you give your best at work, every day! And creating the right environment for you is just one of the things we do. We empower people and trust them to do the right thing. Here, you own your work from start to finish, right from day one. Being enthusiastic about tech is a big part of being at PhonePe. If you like building technology that impacts millions, ideating with some of the best minds in the country and executing on your dreams with purpose and speed, join us!

PhonePe is the leading payments app in India and we are looking for people who are experts in Application Security. You will be responsible for security assessments and penetration testing of application and merchant integrations as well as security research and development of security tools, processes and testing methodologies.

Desired Qualifications and Skill Set:

We are seeking a skilled and motivated Risk Analyst & Vulnerability Management professional to join our Product Security team. The ideal candidate will be critical in assessing and mitigating security risks associated with our mobile and web applications. You will be responsible for managing the Vulnerability Management Lifecycle through risk analysis, vulnerability prioritisation, and working collaboratively with development teams to implement effective mitigation strategies and maintain the overall SLA.
Key Responsibilities:
  • Risk Assessment: Perform comprehensive risk assessments for our mobile & web applications, prioritising vulnerabilities and security risks and driving effective mitigation/remediation strategies. Evaluate risks based on their potential impact, likelihood, and business context, and provide actionable and time-bound recommendations for mitigation.
  • Vulnerability Management: Maintain the Vulnerability Management Lifecycle as per organisation standards with reference to industry standards and practices. Analyse scan results, prioritise vulnerabilities based on risk and collaborate with development teams to coordinate timely remediation efforts.
  • Mitigation Strategies: Collaborate closely with development teams to define and implement effective mitigation strategies for identified vulnerabilities. Assist in the design and implementation of secure coding practices and application security controls.
  • Security Awareness: Provide guidance and training to development teams on risk assessment methodologies, vulnerability management best practices, and secure coding principles. Promote a culture of security awareness and proactive risk management.
  • Reporting and Documentation: Maintain detailed records of risk assessments, vulnerability assessments, and mitigation efforts. Generate clear and concise reports and documentation for stakeholders, including management, development teams, and auditors.
  • Collaboration: Work collaboratively with cross-functional teams, including developers, quality assurance engineers, and IT personnel, to ensure that security considerations are integrated throughout the software development lifecycle.
  • Continuous Improvement: Stay informed about emerging security threats, vulnerabilities, and industry trends. Identify opportunities to enhance vulnerability management processes and risk assessment methodologies.
Qualifications:
  • Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience).
  • Proven experience in risk analysis, vulnerability management, and application security, with a focus on identifying and mitigating vulnerabilities in mobile & web applications.
  • Familiarity with vulnerability scanning tools, penetration testing methodologies, and risk assessment frameworks.
  • Strong understanding of application security principles, secure coding practices, and common software vulnerabilities (e.g., OWASP Top Ten).
  • Excellent analytical skills, with the ability to assess risks and prioritise based on potential impact and likelihood.
  • Effective communication skills, including the ability to convey technical concepts to technical and non-technical stakeholders.
  • Familiarity with regulatory compliance standards (e.g., GDPR, HIPAA) and industry security frameworks (e.g., NIST, ISO 27001) is a plus.
  • Relevant certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA) are advantageous.
  • Self-motivated and capable of working independently, as well as collaboratively within a team environment.
Why Join Us:
  • Contribute to the enhancement of our application security posture and play a key role in identifying and mitigating security risks.
  • Work in a dynamic and collaborative environment alongside skilled professionals dedicated to improving security practices.
  • Opportunities for professional growth and skill development through training and hands-on experience.
  • Competitive compensation package, comprehensive benefits, and potential for career advancement.
If you have a strong passion for risk analysis, vulnerability management, and application security, and you're eager to contribute to the security of our software applications, we encourage you to apply and become an integral part of our Product Security team.

 

PhonePe Full Time Employee Benefits (Not applicable for Intern or Contract Roles)

  • Insurance Benefits - Medical Insurance, Critical Illness Insurance, Accidental Insurance, Life Insurance
  • Wellness Program - Employee Assistance Program, Onsite Medical Center, Emergency Support System
  • Parental Support - Maternity Benefit, Paternity Benefit Program, Adoption Assistance Program, Day-care Support Program
  • Mobility Benefits - Relocation benefits, Transfer Support Policy, Travel Policy
  • Retirement Benefits - Employee PF Contribution, Flexible PF Contribution, Gratuity, NPS, Leave Encashment 
  • Other Benefits - Higher Education Assistance, Car Lease, Salary Advance Policy

Working at PhonePe is a rewarding experience! Great people, a work environment that thrives on creativity, the opportunity to take on roles beyond a defined job description are just some of the reasons you should work with us. Read more about PhonePe on our blog.


Tags: Application security CEH CISA CISM CISSP Compliance Computer Science GDPR HIPAA ISO 27001 NIST OWASP Pentesting Product security Risk analysis Risk assessment Risk management SDLC Security assessment Vulnerabilities Vulnerability management

Perks/benefits: Career development Competitive pay Flex hours Medical leave Parental leave Relocation support Startup environment Wellness

Region: Asia/Pacific
Country: India