Product Security Engineer

About Fam (previously FamPay)
Fam is India's first payments app for everyone above 11. FamApp helps make online and offline payments through UPI and FamCard. We are on a mission to raise a new, financially aware generation, and drive 250 million+ youngest users in India to kickstart their financial journey super early in their life.
Founded in 2019 by IIT Roorkee alumni, Fam is backed by some of the most respected investors around the world like Elevation Capital, Y-Combinator, Peak XV (Sequoia Capital) India, Venture Highway, Global Founder’s Capital and the likes of Kunal Shah, Amrish Rao as angel investors.
About this Role
Join Us as a Cyber Guardian at Fam!
At Fam, we're looking for someone who thinks like a hacker but works for the good guys—someone who's obsessed with ensuring ZERO vulnerabilities in our technology.
As a key member of our product security team, you’ll be the first line of defense, protecting our users' data, money, and identity. Your mission? Keep our digital infrastructure safe and secure, so our users can trust us without a second thought.
If you're ready to take on this responsibility and make a real impact, we want you on our team!

On the Job

• Conduct application penetration testing to identify vulnerabilities in FamApp’s software products
• Perform cloud penetration testing to assess the security of our cloud infrastructure
• Analyze and report on security findings, providing recommendations for remediation
• Collaborate with development teams to integrate security best practices into the software development lifecycle
• Stay updated on the latest security trends, threats, and best practices.

Must-haves (Min. qualifications)

• Bachelor’s degree in Computer Science, Information Security, or a related field
• At least 4-7 years of experience in application penetration testing and cloud penetration testing
• Proficiency with tools such as Burp Suite, Metasploit, Nessus, and AWS Security tools
• Strong understanding of common web application vulnerabilities like SQL injection, XSS, and CSRF
• Familiarity with cloud security concepts and technologies, particularly AWS and Azure.

Good to have

• Experience in Capture The Flag (CTF) competitions
• Participation in bug bounty programs and recognition in any hall of fame
• Contribution to CVE (Common Vulnerabilities and Exposures) entries
• Possession of relevant certifications such as CEH, OSCP, or AWS Certified Security – Specialty would be advantageous.

Why join us?

• Join a dynamic, lean team of engineers and gain the opportunity to work on security, making a meaningful impact for millions of users.
• Opportunity to work on challenging & advanced tech
• Take full ownership of high-impact projects