Application Security Manager-Paytm Money

We are seeking an experienced Application Security Manager to lead our security initiatives and

ensure the integrity, confidentiality, and availability of our systems and data. This role is crucial

in safeguarding our digital assets and maintaining compliance with industry

standards.The
manager
of
the
application
security
program
will
be
responsible for -

1. To Integrate
security
tools,
standards,
and
processes
into
the


product
life
cycle
(PLC).

2. Ensure
that
developers
and
QA
personnel
are
trained
with
the
appropriate
le

vel
of
security
knowledge
to
perform
their daily
activities.

3. Improve
and
support
application
security
tool
deployments
including
static
anal

ysis
and
runtime
testing
tools and secure
development
standards.

4. Conduct and manage periodic penetration testing exercises through expert consulting,

internal technology team, and managed services to identify the gaps and fulfill audit/

regulator requirements.

5. Create, Integrate and manage threat modelling process/ practices, following SSDLC and

application framework.

6. Manage the secure configuration/ hardening guidelines and compliance.

7. Should create and manage application security KPIs. KRIs compliance reports and

dashboards.

8. Should have strong hand-on experience of different tools, processes related to SAST,

DAST, API Security and Threat Modelling.

9. Should take care of Infosec functions by coordinating with various stakeholders (App

Team, Vendors, Auditors, Regulators).

10. Should have knowledge of best practices like OWASP, Microsoft SDL, SANS, NIST.

11. Should have a good espouser to cloud environment (AWS) and WAF (Imperva, Akamai)

12. Knowledge of Network and Data Security is a plus.

Qualifications and Experience:

1. 8-10 years of hands-on experience in application security.

2. Strong understanding of application security best practices, frameworks, and security

technologies, like Checkmarx, Fortify, Burp Suite, OWASP ZAP, Acunetix etc.

3. Proven experience in managing VA, PT, Code review, SAST, DAST, SSDLC, Threat

Modelling, and Audit processes.

4. Familiarity with regulatory requirements and compliance standards (e.g., RBI, SEBI).

5. Excellent communication, interpersonal, analytical and problem-solving skills.

6. Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a

related field. Masters degree or relevant certifications preferred.