Senior Infosec Engineer

About PhonePe Limited:

Headquartered in India, its flagship product, the PhonePe digital payments app, was launched in Aug 2016. As of April 2025, PhonePe has over 60 Crore (600 Million) registered users and a digital payments acceptance network spread across over 4 Crore (40+ million) merchants. PhonePe also processes over 33 Crore (330+ Million) transactions daily with an Annualized Total Payment Value (TPV) of over INR 150 lakh crore. 

PhonePe’s portfolio of businesses includes the distribution of financial products (Insurance, Lending, and Wealth) as well as new consumer tech businesses (Pincode - hyperlocal e-commerce and Indus AppStore Localized App Store for the Android ecosystem) in India, which are aligned with the company’s vision to offer every Indian an equal opportunity to accelerate their progress by unlocking the flow of money and access to services.

Culture:

At PhonePe, we go the extra mile to make sure you can bring your best self to work, Everyday!. And that starts with creating the right environment for you. We empower people and trust them to do the right  thing. Here, you own your work from start to finish, right from day one. PhonePe-rs solve complex problems and execute quickly; often building frameworks from scratch. If you’re excited by the idea of building platforms that touch millions, ideating with some of  the best minds in the country and executing on your dreams with purpose and speed, join us!

About the Role

We are looking for a Senior Information Security Engineer with deep Linux expertise and a strong background in vulnerability remediation, penetration testing, network security and system hardening.

Responsibilities

• Proven expertise in Rust development is highly valued and will be considered independent of a formal information security background.
• Develop, implement, and maintain system hardening standards across diverse Linux distributions; perform ongoing validation to ensure sustained security efficacy
• Create, manage and maintain the security analytics platform on Elasticsearch and build kibana dashboards, and keep alerting accurate and actionable
• Contribute to, execute, and troubleshoot shell scripts and ansible playbooks; automate repetitive security tasks using Python, Bash or Rust
• Conceptualise and build bespoke security tooling and products to address Infosec requirements, moving beyond the limitations of commercial software offerings
• Conduct penetration tests across web applications, mobile apps, and infrastructure; document findings with clear reproduction steps and remediation guidance
• Identify, validate, and track vulnerabilities at scale; work with engineering teams to drive timely remediation
• Analyse network traffic, application logs, SSH logs, and auditd events to detect anomalies and support incident investigations
• Participate in on-call rotation for security incident triage and response on Linux-based infrastructure
• Work with application protocols and REST APIs to identify security weaknesses
• Manage Nginx configurations from a security standpoint; analyse and assist with WAF rule tuning on Akamai or Cloudflare
• Present security findings and risk posture clearly to technical teams, stakeholders, and leadership

Skills & Qualifications

• 5+ years of deep hands-on experience in Linux security, including system administration, hardening, and extensive log analysis (auditd, syslog, SSH, application logs) in large environments.
• Strong working knowledge of ELK stack (Elasticsearch, Logstash, Kibana).
• Essential proficiency in shell scripting and automation using Python or Bash; expertise in rust or go is a big advantage.
• Proven hands-on experience with git and software development.
• Hands-on exposure to OWASP Top 10 across web, mobile, and systems, with proficiency in tools like Burp Suite and Nessus.
• Thorough understanding of network protocols, cyber risks, threats, application protocols, and REST APIs.
• Expertise in Nginx and a strong preference for understanding WAF operations (Akamai or Cloudflare).
• Strong communication skills for translating technical findings into reports for engineering and executive audiences.
• Familiarity with BFSI regulatory frameworks (RBI, SEBI, IRDAI, ISO 27001).
• Certifications such as OSCP, RHCE, CCNP, or CISSP.

PhonePe Full Time Employee Benefits (Not applicable for Intern or Contract Roles)

• Insurance Benefits - Medical Insurance, Critical Illness Insurance, Accidental Insurance, Life Insurance
• Wellness Program - Employee Assistance Program, Onsite Medical Center, Emergency Support System
• Parental Support - Maternity Benefit, Paternity Benefit Program, Adoption Assistance Program, Day-care Support Program
• Mobility Benefits - Relocation benefits, Transfer Support Policy, Travel Policy
• Retirement Benefits - Employee PF Contribution, Flexible PF Contribution, Gratuity, NPS, Leave Encashment 
• Other Benefits - Higher Education Assistance, Car Lease, Salary Advance Policy

Our inclusive culture promotes individual expression, creativity, innovation, and achievement and in turn helps us better understand and serve our customers. We see ourselves as a place for intellectual curiosity,  ideas and debates, where diverse perspectives lead to deeper understanding and better quality results. PhonePe is an equal opportunity employer and is committed to treating all its employees and job applicants equally; regardless of  gender, sexual preference, religion, race, color or disability. If you have a disability or special need that requires assistance or reasonable accommodation, during the application and hiring process, including support for the interview or onboarding process, please fill out this form.

Read more about PhonePe on our blog.

Life at PhonePe

PhonePe in the news