Our Story
Vegapay Technology is a financial technology company. It partners with banks and financial institutions to digitize its financial infrastructure. It provides users with a credit suite featuring a wide breadth of modules and no-code configuration to design, deploy, and direct their credit programs. It provides access to build financial asset products including Card Management System, LOS, LMS, Co-lending and more.
Founded in 2022 by Gaurav Mittal, Himanshu Agrawal and Puneet Sharma, the startup is a B2B digital lending and Card Management Platform. Vegapay s vision is to liberate financial institutions and fintech enterprises from every technical barrier which hinders offering a lending programme.
Meet the Team
Gaurav Mittal - Gaurav is the Co-Founder and the CEO of the company. He is having more than 20 yrs of experience and has worked with organisations like Zeta, Matchmove, MasterCard, Amex and ICICI Bank.
Himanshu Agrawal - Himanshu is the Co-Founder and the Head of Technology. He is from IIT Kanpur and has more than 14 yrs of experience working with organisations like Amazon and DE Shaw.
Puneet Sharma - Puneet is the Co-Founder and the Head of Product. He is from IIT Roorkee and has more than 10 years of experience working with organisations like BharatPe, Avail Finance
The Hats You Will Wear
- Plan and execute Vulnerability Assessment & Penetration Testing (VAPT) for Web, Mobile, and API applications; reproduce issues, write PoCs, and validate fixes.
- Perform Network VAPT using standard methodologies; document risks and hardening actions.
- Embed security testing in CI/CD (SAST/DAST, dependency/SBOM scans) and track remediation SLAs.
- Analyze and mitigate OWASP Top 10 and business-logic flaws; coach developers on secure patterns.
- Operate and tune security tooling: Burp Suite, AppScan, OWASP ZAP, BeEF, Metasploit, Qualys, Nessus, Snyk, Wazuh, SonarQube, Trivy.
- Assess and improve authentication/authorization (OIDC, OAuth, SAML); review token flows and session controls.
- Support audits & compliance (PCI DSS, ISO 27001, SOC 2, CICRA, NIST): evidence collection, control mapping, auditor interactions.
- Strengthen cloud security across AWS/GCP/Azure (S3, load balancers, Kubernetes, Docker); identify misconfigurations and enforce least privilege.
- Read and reason about Java code paths to pinpoint root causes and guide fixes.
- Produce clear reports (risk, impact, exploitability, remediation) for technical and non-technical audiences.
The Perfect Fit
- 3+ years of relevant experience in Information Security.
- Proven hands-on VAPT for Web/Mobile/API and Network VAPT.
- Strong knowledge of OWASP Top 10 (attacks and defenses).
- Proficiency with commercial/open-source tools: Burp Suite, AppScan, ZAP, BeEF, Metasploit, Qualys, Nessus, Snyk, Wazuh, SonarQube, Trivy.
- Demonstrated ability to uncover complex business-logic vulnerabilities.
- Working understanding of OIDC, OAuth, SAML.
- Ability to read/write Java and understand basic application logic.
- Experience with PCI DSS, ISO 27001, SOC 2, CICRA, NIST and auditor engagement.
- Working knowledge of cloud security and core components in AWS/GCP/Azure (e.g., S3, Load Balancers, Kubernetes, Docker).
