Application Security Analyst
Application Security Analyst
Company: PayU (Prosus Group)
Location: Bengaluru India
Department: Information Security
Reports to: CISO
About PayU
PayU is the payments and fintech business of Prosus, a major global fintech investor.
Headquartered in Mumbai, India, we focus on providing comprehensive fintech products
including credit solutions, buy-now-pay-later offerings, and digital banking services. Our
vision is to develop a full regional fintech ecosystem offering integrated digital financial
services, reaching even Tier 3 and Tier 4 cities across India.
Position Overview
We are seeking an Application Security Analyst to join our security team and support
application security initiatives across our fintech platform. This role requires a motivated
security professional with a foundational understanding of application security, API
security, and secure software development lifecycle (SSDLC) practices. You will work
closely with engineering teams to assist in building security into our products while
learning and growing in a fast-paced environment.
Key Responsibilities
• Assist in integrating SAST/DAST tools within CI/CD pipelines using modern AST
solutions
• Support configuration of security gates to ensure code quality and security standards
• Help enforce secure coding standards and security design patterns
• Perform basic security testing using tools like Burp Suite, Postman, and OWASP ZAP
• Assist in vulnerability scanning and reporting using platforms like Qualys
• Support remediation efforts by coordinating with development teams
• Participate in mobile and web application security assessments under guidance
• Assist in implementing AWS security best practices and monitoring configurations
• Collaborate with product and engineering teams to integrate security requirements
• Contribute to security documentation and reporting
Required Qualifications
Experience
• 2-4 years of experience or academic exposure in Application Security or related fields
• Basic understanding of API security and web application security principles
• Familiarity with SAST/DAST tools and vulnerability management concepts
Technical Skills
• Working knowledge of security testing tools: Burp Suite, OWASP ZAP, Postman
• Basic scripting ability in Python or similar languages
• Understanding of CI/CD processes and security integration
• Familiarity with cloud environments (AWS preferred)
Security Knowledge
• Awareness of OWASP Top 10 and OWASP API Security Top 10
• Basic understanding of secure coding practices
• Interest in learning threat modeling and mobile application security
Preferred Qualifications
• Certifications like Security+, CEH (optional)
• Exposure to DevSecOps practices
What We Offer
• Competitive salary and benefits package
• Opportunity to learn and grow in application security
• Professional development and certification support
• Collaborative work environment with global teams
• Flexible working arrangements and modern office facilities