
Application Security Manager
- Paytm
- Noida
- 19 days ago
- N/A
- full-time

About the Company:

About Paytm: Paytm is India's leading mobile payments and financial services distribution company. Pioneer of the mobile QR payments revolution in India, Paytm builds technologies that help small businesses with payments and commerce. Paytm’s mission is to serve half a billion Indians and bring them to the mainstream economy with the help of technology.

About the team: This team is involved in making a difference. A lot of contingency and new challenges are encouraged within the team to do stuff that is meaningful for those we serve. We are successful, and our successes are rooted in our people's collective energy and unwavering focus on the employees.

Job Description: Insurtech Business Operations Manager

About the Role: We are seeking an experienced Application Security Manager to lead our security initiatives and ensure the integrity, confidentiality, and availability of our systems and data. This role is crucial in safeguarding our digital assets and maintaining compliance with industry

1. To integrate security tools, standards, and processes into the product lifecycle (PLC).
2. Ensure that developers and QA personnel are trained with the appropriate level of security knowledge to perform their daily activities.
3. Improve and support application security tool deployments, including static analysis and runtime testing tools and secure development standards.
4. Conduct and manage periodic penetration testing exercises through expert consulting, internal technology team, and managed services to identify the gaps and fulfill audit/regulator requirements.
5. Create, integrate and manage threat modelling process/practices, following SSDLC and application framework.
6. Manage the secure configuration/hardening guidelines and compliance.
7. Should create and manage application security KPIs, KRIs, compliance reports and dashboards.
8. Should have strong hands-on experience of different tools and processes related to SAST, DAST, API Security and Threat Modelling.
9. Should take care of Infosec functions by coordinating with various stakeholders (App Team, Vendors, Auditors, Regulators).
10. Should have knowledge of best practices like OWASP, Microsoft SDL, SANS, NIST.
11. Should have good exposure to cloud environment (AWS) and WAF (Imperva, Akamai).
12. Knowledge of Network and Data Security is a plus.

Qualifications and Experience:

1. 8-10 years of hands-on experience in application security.
2. Strong understanding of application security best practices, frameworks, and security technologies, like Checkmarx, Fortify, Burp Suite, OWASP ZAP, Acunetix etc.
3. Proven experience in managing VA, PT, Code review, SAST, DAST, SSDLC, Threat Modelling, and Audit processes.
4. Familiarity with regulatory requirements and compliance standards (e.g., RBI, SEBI).
5. Excellent communication, interpersonal, analytical and problem-solving skills.
6. Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Master's degree or relevant certifications preferred.

Key Responsibilities: