Full-Time
Head Application Security
Application Security, Engineering
Posted on 8/25/2025
Paytm Labs
10,001+ employees
Digital payments, loans, investments, and insurance
No salary listed
Noida, Uttar Pradesh, India
In Person
 IT & Security (1) |
|---|
- Bachelor's degree in Computer Science, Information Security, or related field (Master’s preferred)
- 15+ years of experience in application security, with at least 5 years in a leadership or managerial role
- Proven track record of successfully managing and scaling security engineering teams of 20+ engineers
- Deep expertise in secure coding practices, vulnerability assessments, penetration testing, and threat modeling
- Extensive hands-on experience with modern application security tools (e.g., SAST, DAST, SCA, IAST)
- Strong knowledge of web application technologies, cloud platforms (AWS, Azure, GCP), and secure development practices
- Thorough understanding of compliance requirements (e.g., GDPR, HIPAA, SOC 2) and the ability to integrate security measures within legal and regulatory frameworks
- In-depth experience with secure SDLC, CI/CD pipeline integration, and DevSecOps practices
- Excellent communication skills with the ability to articulate complex security concepts to both technical and non-technical stakeholders
- Strong leadership and team-building skills, with a focus on fostering a culture of security excellence.
- Lead and mentor a team of 20+ Application Security Engineers, fostering a culture of technical excellence, ownership, and continuous improvement in secure software development
- Define and drive the enterprise application security strategy, embedding security into all stages of the SDLC and aligning with business objectives
- Oversee comprehensive application vulnerability management, including identification, triage, prioritization, and remediation tracking of vulnerabilities across cloud-native, on-prem, and third-party applications
- Manage and optimize security testing programs (SAST, DAST, SCA, IAST, penetration testing, threat modeling, and code reviews) to ensure risks are detected early and addressed effectively
- Collaborate with Engineering, DevOps, and Cloud teams to integrate AppSec controls into CI/CD pipelines and enforce security guardrails for AWS-hosted applications and microservices
- Provide AWS application security expertise, including IAM best practices, secrets management, container security (EKS/ECS), API security, and securing serverless workloads
- Lead technical response to application-layer incidents, ensuring timely detection, root cause analysis, containment, and remediation, while improving incident playbooks
- Establish and enforce application security standards, policies, and secure coding practices aligned with OWASP, NIST, PCI-DSS, and cloud security benchmarks
- Drive secure coding training and awareness programs for developers and architects, elevating security maturity across product engineering teams
- Stay ahead of evolving application threats, cloud security risks, and DevSecOps practices to continuously strengthen the organization’s AppSec posture
- Provide executive-level reporting and metrics on application risk, vulnerability trends, remediation progress, and overall security maturity to senior leadership and stakeholders.
- Certifications in application security (e.g., CISSP, OSCP, GWAPT) are highly preferred
- Experience with vulnerability management, threat intelligence, and risk management frameworks
- Familiarity with container security, microservices, and serverless architecture
- Proven ability to influence cross-functional teams to prioritize security in development processes.
Paytm Labs operates a large digital payments and financial services platform in India that serves individuals, small businesses, and institutions. Users can perform UPI payments, mobile recharges, bill payments, ticket bookings, digital loans, insurance, and investments through Paytm Money within a single app. The system works by processing user actions through UPI, payment gateways, and partner APIs, with revenue coming from transaction fees and commissions on financial services. Its aim is to give mass-market users easy access to a wide range of services while growing revenue by expanding payments processing and financial services through partnerships and scale.
Company Size
10,001+
Company Stage
IPO
Headquarters
Noida, India
Founded
2014
Simplify's Take
What believers are saying
- Paytm reports third consecutive profit of $24.5M in December quarter, exceeding expectations.
- RBI grants in-principle online payment aggregator license to Paytm in August 2025.
- Pi platform expands internationally, adopted by Japan's largest mobile payment app PayPay.
What critics are saying
- PhonePe and Google Pay erode Paytm's market share below 20%, starving Labs' AI data.
- RBI denies payments aggregator license due to compliance lapses, halting merchant growth.
- Zomato's ₹2,048 Cr acquisition of ticketing divests non-core assets, endangering Labs unit.
What makes Paytm Labs unique
- Paytm Labs' Pi platform processes five billion rule evaluations daily, twice as fast as industry average.
- Pi enables real-time fraud decisions for high-volume fintechs like PayPay's 38 million users.
- Toronto-based R&D applies AI/ML to serve Paytm's 420 million consumers and 12 million merchants.
Help us improve and share your feedback! Did you find this helpful?
Benefits
Health & Wellbeing - Your group health benefits are 100% funded by us, and start on your first day.
Travel the World - Even though we are currently working remotely, usually our employees make frequent international business-related trips while working on exciting projects.
Continuous Learning - We're passionate about learning and strive to constantly improve and innovate. We learn from others, our challenges & our successes.
Connection - In this virtual world, we stay connected through events like game nights, movie nights, arts & crafts sessions (like Origami), meditation sessions, and much more.
Autonomy & Flexibility - You get to define how you want to make an impact. We truly believe that great things happen when people are given the trust and freedom to create their own path.
Beautiful Office - Whenever we return back to the office, you’ll get to check out our awesome workspace, complete with pool and ping pong tables, a snack-filled kitchen, and tons of cozy work spaces.
Company News
One 97 Communications, which operates Paytm, has become majority Indian-owned, with domestic investors holding 51.9% as of December 2024. Mutual funds held 16.6% and insurance firms 5.1% after increasing their positions during the quarter. The ownership shift follows Paytm's third consecutive profitable quarter, reporting net profit of ₹2.3 billion and revenue of ₹21.9 billion, up 20% year-on-year. The change aligns with efforts to resolve regulatory issues. India's central bank banned Paytm from adding new online merchants in November 2022 over foreign direct investment compliance concerns related to Ant Group's stake. In August 2025, after Ant Group sold its remaining direct stake, the Reserve Bank of India granted in-principle approval for Paytm Payments Services to operate as an online payment aggregator, subject to a six-month compliance audit.
Paytm reported its third consecutive profitable quarter, posting net income of 2.25 billion rupees ($24.5 million) for the quarter ending December, exceeding analyst expectations of 1.97 billion rupees. Sales rose 20% to 22 billion rupees, meeting estimates. The Indian fintech company's performance reflects a business recovery driven by rising sales and cost reductions, following previous regulatory challenges. The results mark a sustained turnaround for the digital payments pioneer.
SAIF Partners sold a 1.86% stake in One97 Communications, Paytm's parent, for ₹1,556 crore, reducing their holding to 13.47%. Societe Generale acquired a 0.51% stake for ₹423.46 crore. Additionally, Motilal Oswal Mutual Fund divested a 1.22% stake in Kaynes Technology for ₹490 crore, affecting both companies' share prices.
India’s government is denying rumors of new fees on the country’s popular instant payment system.“Speculation and claims that the MDR will be charged on UPI transactions are completely false, baseless, and misleading,” the Indian Ministry of Finance wrote in a post on X Wednesday (June 11), referring to the idea of the “merchant discount rate” being applied to the country’s United Payments Interface system. “Such baseless and sensation-creating speculations cause needless uncertainty, fear and suspicion among our citizens,” the ministry said. “The government remains fully committed to promoting digital payments via UPI.”. According to a report from Reuters, the ministry’s announcement was bad news for Indian digital payments company Paytm, whose stock fell as much as 10% Thursday (June 12)
Paytm has received a show-cause notice from India’s financial crime-fighting agency. The notice pertains to an alleged violation of India’s Foreign Exchange Management Act, the FinTech said in a statement Saturday (March 1). The alleged violations have to do with Paytm’s acquisition of two subsidiaries — Little Internet Private Limited and Nearbuy India Private Limited — for the years 2015 to 2019, a period that predates Paytm’s ownership