Principal Security Engineer

Freecharge is a well-known name in the world of payment apps, serving over 100 million users across the country. A 100% subsidiary of Axis Bank, Freecharge has always been known for offering safe and seamless UPI payments, utility bill payments, mobile/DTH recharges, and much more. Moreover, users can easily make payments at offline or online merchants via a robust infrastructure that supports UPI, Debit/ Credit Cards, Wallet, and other options. Freecharge even offers multiple Axis Bank Credit Cards and is constantly building new products to support small and midsize retailers across payments and lending. For more details, please visit https://www.freecharge.in or download the Freecharge app. Title: Principal Security Engineer Location: Gurugram Experience: 7-10yrs- Must have Payment Gateway or Payment Aggregator Exp Education: Bachelor’s / Master’s in Software Engineering Key Responsibilities Application Security & Vulnerability Management Perform and support automated application security testing, including source code review, API testing, and mobile/web application assessments using tools like SonarQube, CodeGuru, and Burp Suite. Curate and analyze vulnerability data from automated tools and provide clear, actionable remediation guidance to development and engineering teams. Independently execute vulnerability scans and assist in remediation tracking and risk mitigation. Escalate critical issues and risks to senior management in a timely manner. Operational Risk & Compliance Ensure security deliverables meet internal quality standards and provide practical risk insights. Support internal and external audits (ISO 27001, PCI DSS, RBI, etc.) by collecting and organizing audit evidence from various stakeholders. Help drive continuous improvement across InfoSec processes and ensure adherence to relevant security policies and procedures. Stay current with emerging threats, tools, and best practices in cybersecurity and AppSec. Stakeholder Engagement & Collaboration Act as a liaison between InfoSec, engineering, and business units to ensure clear communication and service delivery. Build and maintain strong working relationships with internal teams and global stakeholders. Collaborate with the Attack Surface Management team to share insights, address security gaps, and improve assessment coverage. Qualifications Bachelor's degree in Computer Science, IT, or a related field / Master’s in Software Engineering Proven experience in application security, information security risk assessments, and vulnerability management. Familiarity with compliance standards: ISO 27001, PCI DSS v4.0, and RBI regulatory requirements. Hands-on experience with AppSec tools: SonarQube, CodeGuru, Burp Suite, etc. Strong understanding of information security concepts, secure SDLC, and threat modeling. Excellent communication, documentation, and stakeholder management skills. Ability to work independently and take ownership of assigned tasks. Show more Show less