Security Analyst - I (Vulnerability Assessment)

Security Analyst - I (Vulnerability Assessment)

About Juspay

Juspay is a leading multinational payments technology company, powering superior conversion rates, seamless customer experiences, cost optimization, and fraud reduction at scale for 500+ top global enterprises and banks. Founded in 2012, the company processes over 300 million daily transactions, exceeding an annualized total payment volume (TPV) of $1 trillion with 99.999% reliability. Headquartered in Bangalore, India, Juspay’s global network of 1200+ payment experts operates across San Francisco, Dublin, São Paulo, and Singapore. Juspay offers a modular and interoperable product suite for merchants that includes open-source payment orchestration, seamless authentication, payment tokenization, fraud & risk management, global payouts, end-to-end reconciliation, unified payment analytics, and more. For banks, Juspay’s offerings include end-to-end white label payment gateway solutions & real-time payments infrastructure.

We are currently looking for a passionate Security Analyst VA who can not only identify potential weaknesses in the systems and solutions but can also design and implement security & privacy controls to support organization cyber security commitments. You’ll also contribute to our other security domains of governance and compliance, incident detection and response, infrastructure, and IT security. The pace of our growth is incredible – if you want to tackle hard and interesting problems at scale, and create an impact within an entrepreneurial environment, join us!

Skill & experience Requirements

● 0-2 years of experience in the Vulnerability & Patch Management Security domain preferably AWS will overlap into the field of Information Security.

● Must have a deep understanding of Cloud, Firmware, OS, Microservices, 3rd party s/w Vulnerability identification process and their remediation strategies.

● Ability to conduct Vulnerability Assessment and Penetration Testing using popular tools such as Tenable, Qualis etc

● Hands-on experience in performing PCI ASV and IVA scans for OS, Micro services to meet the compliance requirements.

● Ability to build Asset inventory & Perform Threat Modeling on application architecture to identify vulnerabilities and recommend possible controls.

● Exposure to DevSecOps - Security VA integration in CI/CD pipeline.

● Hands-on experience with any Cloud automation language is a must, Scripting experience with Python, Shell, Ruby, etc will be good too.

● Experience with Amazon Web Services and related technologies (WAF & DDoS, Guardduty, Security Hub, EC2, IAM, S3, Lambda, VPC , RDS etc.) or equivalent technologies in Google Cloud or Azure is a bonus.

● Good understanding of network and web application protocols (Http, Https, TCP/IP, SAML 2.0, OAuth 2.0, Rest APIs, etc).

● Experience in Agile development methodologies.

● Independent, self-motivated and comfortable working in a fast-paced environment with teams ranging from product, administration to engineering and infra.

● Contributions to the security community is a huge plus and shouldn’t be a tool junkie!

Core Responsibilities

● Help Define Secure VA best practices with a focus on implementing security by design architecture.

● Conduct VA Security posture management & Internal audits to identify potential gaps in AWS Cloud Configurations, networks and other types of computing systems and cloud resources on a regular basis.

● Work closely with the Product Development and SRE teams to help build secure and resilient systems and applications.

● Evaluate, recommend, and implement security controls to protect cloud services and other information assets.

● Interpret security requirements from compliance documents, create technical solutions, and explain complex security concepts to non-technical business partners.

● Participate in VA security incident response activities and assist with identifying and driving the resolutions.