Job Description

Our Story

At Vegapay, we are revolutionizing the financial landscape by enabling banks and financial institutions to digitize their financial infrastructure. Our innovative credit suite, equipped with a wide range of modules and no-code configuration, empowers businesses to design, deploy, and manage their credit programs seamlessly. From card management systems to loan origination and management, we provide comprehensive tools to build cutting-edge financial asset products.

Founded in 2022 by Gaurav Mittal, Himanshu Agrawal and Puneet Sharma, the startup is a B2B digital lending and Card Management Platform. Vegapay's vision is to liberate financial institutions and fintech enterprises from every technical barrier which hinders offering a lending programme.

Meet the Team

Gaurav Mittal - Gaurav is the Co-Founder and the CEO of the company. He is having more than 20 yrs of experience and has worked with organisations like Zeta, Matchmove, MasterCard, Amex and ICICI Bank. Himanshu Agrawal - Himanshu is the Co-Founder and the Head of Technology. He is from IIT Kanpur and has more than 14 yrs of experience working with organisations like Amazon and DE Shaw. Puneet Sharma - Puneet is the Co-Founder and the Head of Product. He is from IIT Roorkee and has more than 10 years of experience working with organisations like BharatPe, Avail Finance

Why This Role Matters

As an

Application Security Engineer

at Vegapay, you'll be the shield that keeps our products safe, secure, and battle-ready! Think of yourself as the guardian of our digital fortress -- uncovering vulnerabilities before attackers can, fortifying our applications, and guiding developers to write code that's as strong as steel. You'll collaborate with squads across engineering, product, and infrastructure to outsmart threats, ensure compliance, and keep our systems resilient. Your mission? To make security a superpower at Vegapay -- protecting customer trust, empowering innovation, and ensuring our products are always a step ahead. If you're ready to don the cape and be the hero who keeps fintech safe, this is your moment to shine! The Hats You Will WearConduct regular Vulnerability Assessments (VA) and Penetration Testing (PT) for Web applications, APIs, and Mobile applications. Guide and collaborate with developers to remediate security vulnerabilities and implement fixes. Perform Threat Modeling and conduct regular secure code reviews to identify potential security risks. Develop and promote secure coding practices; educate development and QA teams by creating and enforcing security standards, policies, and best practices for secure coding, data handling, networking, and cryptographic implementations. Continuously improve the organization's security posture by identifying security gaps and recommending effective mitigation strategies. Ensure applications comply with various regulatory and compliance standards such as CIS, NIST, PCI DSS, GDPR, UIDAI, etc. Conduct architecture and design reviews to provide security assurance and best practice guidance for system frameworks. Assist in compliance audits by collecting, organizing, and providing required security evidence. Respond to client security inquiries by sharing evidence and documentation related to third-party security assessments, security checklists, and compliance requirements. Integrate and support security across the infrastructure, including but not limited to SOC operations,Cloud Security, security automation, and security orchestration. Stay updated on emerging security threats and industry trends to proactively address vulnerabilities.

The Perfect Fit

Minimum 3+ years of relevant experience in information security. Hands-on experience in Vulnerability Assessment and Penetration Testing for Web, Mobile, and API applications. Understanding and experience with Network VAPT methodologies. Strong knowledge of OWASP Top 10 vulnerabilities, including attack and defense mechanisms. Proficiency in using both commercial and open-source security tools such as Burp Suite, AppScan, OWASP ZAP, BEEF, Metasploit, Qualys, Nessus, Snyk, Wazuh, SonarQube, Trivy etc. Proven capability to identify and exploit complex business logic vulnerabilities. Good understanding of authentication and authorization frameworks including OIDC, OAuth, and SAML. Ability to read, write, and understand Java code and basic application logic. Experience working with audits and compliance frameworks (e.g., PCI DSS, ISO 27001, SOC 2, CICRA,NIST) and engaging with auditors. Working knowledge of cloud security concepts and best practices, including securing cloud infrastructure and services in AWS, GCP, AZURE or similar platforms. Working knowledge of cloud environments (AWS, GCP,AZURE) and associated components such as S3 buckets, Load Balancers, Kubernetes, Docker, etc.
Your Edge Over The RestBachelor's or Master's degree in Computer Science, Information Security, or a related field Industry-recognized certifications such as CISSP, OSCP, CISA, CEH, or CCSP Prior experience working in FinTech, SaaS, or other regulated environments Exceptional communication and documentation skills, with a proven ability to collaborate cross-functionally and align security practices with business goals

Why Vegapay?

Joining Vegapay means becoming part of a mission-driven team that's shaping the future of financial technology. You'll work in a fast-paced, innovative environment with the opportunity to make a tangible impact on our products and the industry. We offer competitive compensation, opportunities for growth, and a collaborative work culture that values innovation, transparency, and excellence.