Senior Infosec Engineer

Headquartered in India, its flagship product, the PhonePe digital payments app, was launched in Aug 2016. As of April 2025, PhonePe has over 60 Crore (600 Million) registered users and a digital payments acceptance network spread across over 4 Crore (40+ million) merchants. PhonePe also processes over 33 Crore (330+ Million) transactions daily with an Annualized Total Payment Value (TPV) of over INR 150 lakh crore. 

PhonePe’s portfolio of businesses includes the distribution of financial products (Insurance, Lending, and Wealth) as well as new consumer tech businesses (Pincode - hyperlocal e-commerce and Indus AppStore Localized App Store for the Android ecosystem) in India, which are aligned with the company’s vision to offer every Indian an equal opportunity to accelerate their progress by unlocking the flow of money and access to services.

At PhonePe, we go the extra mile to make sure you can bring your best self to work, Everyday!. And that starts with creating the right environment for you. We empower people and trust them to do the right  thing. Here, you own your work from start to finish, right from day one. PhonePe-rs solve complex problems and execute quickly; often building frameworks from scratch. If you’re excited by the idea of building platforms that touch millions, ideating with some of  the best minds in the country and executing on your dreams with purpose and speed, join us!

We are looking for a Senior Information Security Engineer with deep Linux expertise and a strong background in vulnerability remediation, penetration testing, network security and system hardening.

• →Proven expertise in Rust development is highly valued and will be considered independent of a formal information security background.
• →Develop, implement, and maintain system hardening standards across diverse Linux distributions; perform ongoing validation to ensure sustained security efficacy
• →Create, manage and maintain the security analytics platform on Elasticsearch and build kibana dashboards, and keep alerting accurate and actionable
• →Contribute to, execute, and troubleshoot shell scripts and ansible playbooks; automate repetitive security tasks using Python, Bash or Rust
• →Conceptualise and build bespoke security tooling and products to address Infosec requirements, moving beyond the limitations of commercial software offerings
• →Conduct penetration tests across web applications, mobile apps, and infrastructure; document findings with clear reproduction steps and remediation guidance
• →Identify, validate, and track vulnerabilities at scale; work with engineering teams to drive timely remediation
• →Analyse network traffic, application logs, SSH logs, and auditd events to detect anomalies and support incident investigations
• →Participate in on-call rotation for security incident triage and response on Linux-based infrastructure
• →Work with application protocols and REST APIs to identify security weaknesses
• →Manage Nginx configurations from a security standpoint; analyse and assist with WAF rule tuning on Akamai or Cloudflare
• →Present security findings and risk posture clearly to technical teams, stakeholders, and leadership

• 5+ years of deep hands-on experience in Linux security, including system administration, hardening, and extensive log analysis (auditd, syslog, SSH, application logs) in large environments.
• Strong working knowledge of ELK stack (Elasticsearch, Logstash, Kibana).
• Essential proficiency in shell scripting and automation using Python or Bash; expertise in rust or go is a big advantage.
• Proven hands-on experience with git and software development.
• Hands-on exposure to OWASP Top 10 across web, mobile, and systems, with proficiency in tools like Burp Suite and Nessus.
• Thorough understanding of network protocols, cyber risks, threats, application protocols, and REST APIs.
• Expertise in Nginx and a strong preference for understanding WAF operations (Akamai or Cloudflare).
• Strong communication skills for translating technical findings into reports for engineering and executive audiences.
• Familiarity with BFSI regulatory frameworks (RBI, SEBI, IRDAI, ISO 27001).
• Certifications such as OSCP, RHCE, CCNP, or CISSP.

Life at PhonePe

PhonePe in the news