PhonePe is a mobile payment platform that lets you transfer money over UPI, recharge phone numbers, pay utility bills, and more. PhonePe works on the Unified Payments Interface (UPI) system; all you need to do is enter your bank account details and create a UPI ID.

Job Designation : Risk Analyst (Security Engineering)

Qualification : Bachelor’s Degree

Experience : Freshers / Experienced

Skill Set :

  1. Strong understanding of application security principles, secure coding practices, and common software vulnerabilities (e.g., OWASP Top Ten).
  2. Excellent analytical skills, with the ability to assess risks and prioritise based on potential impact and likelihood.
  3. Ability to convey technical concepts to technical and non-technical stakeholders.
  4. Familiarity with regulatory compliance standards (e.g., GDPR, HIPAA) and industry security frameworks (e.g., NIST, ISO 27001) is a plus.
  5. Relevant certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA) are advantageous.
  6. Self-motivated and capable of working independently, as well as collaboratively within a team environment.
  7. Experience with automated testing frameworks, tools and services.
  8. Excellent verbal and written communication skills.
  9. Good time management and organizational skills.

Job Description:

The ideal candidate will play a critical role in assessing and mitigating security risks associated with our mobile and web applications. You will be responsible for managing the Vulnerability Management Lifecycle through risk analysis, vulnerability prioritisation, and working collaboratively with development teams to implement effective mitigation strategies and maintain the overall SLA.

  1. Risk Assessment: Perform comprehensive risk assessments for our mobile & web applications, prioritising vulnerabilities and security risks and driving effective mitigation/remediation strategies. Evaluate risks based on their potential impact, likelihood, and business context, and provide actionable and time-bound recommendations for mitigation.
  2. Vulnerability Management: Maintain the Vulnerability Management Lifecycle as per the organisation's standards, with reference to industry standards and practices. Analyse scan results, prioritise vulnerabilities based on risk, and collaborate with development teams to coordinate timely remediation efforts.
  3. Mitigation Strategies: Collaborate closely with development teams to define and implement effective mitigation strategies for identified vulnerabilities. Assist in the design and implementation of secure coding practices and application security controls.
  4. Security Awareness: Provide guidance and training to development teams on risk assessment methodologies, vulnerability management best practices, and secure coding principles. Promote a culture of security awareness and proactive risk management.
  5. Reporting and Documentation: Maintain detailed records of risk assessments, vulnerability assessments, and mitigation efforts. Generate clear and concise reports and documentation for stakeholders, including management, development teams, and auditors.
  6. Collaboration: Work collaboratively with cross-functional teams, including developers, quality assurance engineers, and IT personnel, to ensure that security considerations are integrated throughout the software development lifecycle.
  7. Continuous Improvement: Stay informed about emerging security threats, vulnerabilities, and industry trends. Identify opportunities to enhance vulnerability management processes and risk assessment methodologies.

Location : Bengaluru, Karnataka, India