Job Description

Bengaluru, Karnataka, India








Department
Engineering
Job posted on
Sep 12, 2025
Employment type
Full Time

About Us:

MatchMove is a leading embedded finance platform that empowers businesses to embed financial services into their applications. We provide innovative solutions across payments, banking-as-a-service, and spend/send management, enabling our clients to drive growth and enhance customer experiences.

Are You The One?

As a

Security Engineer

, you will be the guardian and enabler of secure engineering practices across our entire technology footprint. You'll drive the "shift-left" security philosophy, embedding security early in the development lifecycle while ensuring our payment platform remains resilient against evolving threats. You'll work closely with our Go and PHP engineering teams to build security into our DNA, not bolt it on as an afterthought.

You Will Contribute To

Establishing and driving a comprehensive

shift-left security charter

across all engineering teams and cloud infrastructure Maintain , upgrade and enhance automated security testing pipelines that integrate seamlessly with our CI/CD workflows Conducting thorough

network security assessments

for our cloud-native payment infrastructure Shift left

SAST (Static Application Security Testing)

and

DAST (Dynamic Application Security Testing)

practices for our Go microservices and legacy PHP systems Creating security guardrails that empower developers to build secure-by-default services Protecting billions in financial flows through proactive threat modeling and security architecture reviews Enabling compliance with

PCI-DSS, ISO 27001

, and regional financial regulations through security controls

Responsibilities

Network Security Testing & Assessment

+ Conduct regular penetration testing and vulnerability assessments across our cloud infrastructure
+ Perform network segmentation reviews and validate zero-trust architecture implementations
+ Assess API gateway configurations, WAF rules, and DDoS protection mechanisms
+ Validate mTLS implementations and certificate management across microservices

Code Security & Review Practices

+ Implement and maintain SAST tools integrated with our Go and PHP development pipelines
+ Conduct dynamic security testing (DAST) on running services and APIs
+ Perform manual security code reviews for critical payment processing components
+ Develop custom security linters and static analysis rules specific to our tech stack
+ Champion secure coding practices through documentation, training, and tooling

Shift-Left Security Leadership

+ Drive security requirements gathering during design phase of new features
+ Implement security gates in CI/CD pipelines without impacting developer velocity
+ Create developer-friendly security tools and libraries (e.g., encryption helpers, secure defaults)
+ Build threat modeling into sprint planning and architecture reviews
+ Establish security champions program across engineering teams

Infrastructure & Cloud Security

+ Secure our Kubernetes clusters, container registries, and service mesh configurations
+ Implement cloud security posture management (CSPM) across AWS/GCP/Azure
+ Design and validate secrets management, key rotation, and HSM integration
+ Monitor and respond to security events through SIEM and automated alerting

Compliance & Governance

+ Ensure security controls meet PCI-DSS Level 1 requirements for payment processing
+ Support security audits and certification processes
+ Maintain security runbooks and incident response procedures
+ Document security architecture decisions and risk assessments

Requirements

5+ years

of hands-on security engineering experience in production environments Deep expertise in

application security testing

(SAST, DAST, IAST) with tools like: + SonarQube, Checkmarx, Veracode, or Semgrep for static analysis
+ OWASP ZAP, Burp Suite, or similar for dynamic testing
+ Go-specific tools like gosec, nancy, and staticcheck

Proven experience in

network security assessment

including: + Network penetration testing and vulnerability scanning
+ TCP/IP, TLS/SSL, and cryptographic protocol analysis
+ Cloud networking security (VPC, security groups, NACLs)

Strong understanding of

secure SDLC

and DevSecOps practices Hands-on experience with

container security

(Docker, Kubernetes security policies, admission controllers) Proficiency in at least one programming language (Go, Python, or PHP preferred) Experience with

cloud security

in AWS, GCP, or Azure environments Knowledge of

OWASP Top 10

, CWE, and secure coding standards Understanding of

financial services security

requirements and compliance frameworks

Technical Skills

Security Testing Tools

: Burp Suite, OWASP ZAP, Metasploit, Nmap, Wireshark

SAST/DAST Platforms

: SonarQube, Checkmarx, Veracode, Snyk, GitLab Security

Cloud Security

: AWS Security Hub, GuardDuty, Cloud Trail, IAM, KMS

Container Security

: Falco, Twistlock, Aqua Security, OPA (Open Policy Agent)

Scripting

: Python, Go, Bash for security automation

Monitoring

: ELK Stack, New relic, Wazuh, Prometheus/Grafana for security metrics

IaC Security

: Terraform security scanning, CloudFormation validation

Brownie Points

Security certifications (OSCP, CISSP, CEH, AWS Security Specialty) Experience with payment card industry security and PCI-DSS implementation Contributions to security tools or vulnerability research Experience with Go security tooling and secure Go development practices Background in financial services or payment processing security Experience implementing zero-trust architectures Knowledge of GenAI security implications and LLM attack vectors Track record of building security culture in fast-moving engineering organizations

MatchMove Culture:

We cultivate a dynamic and innovative culture that fuels growth, creativity, and collaboration. Our fast-paced fintech environment thrives on adaptability, agility, and open communication. We focus on employee development, supporting continuous learning and growth through training programs, learning on the job and mentorship. We encourage speaking up, sharing ideas, and taking ownership. Embracing diversity, our team spans across Asia, fostering a rich exchange of perspectives and experiences.

Personal Data Protection Act:

By submitting your application for this job, you are authorizing MatchMove to:

collect and use your personal data, and to disclose such data to any third party with whom MatchMove or any of its related corporation has service arrangements, in each case for all purposes in connection with your job application, and employment with MatchMove; and * retain your personal data for one year for consideration of future job opportunities (where applicable).