Security and Compliance Engineer

About Fam (previously FamPay)
Fam is India's first payments app for everyone above 11. FamApp helps make online and offline payments through UPI and FamCard. We are on a mission to raise a new, financially aware generation, and drive 250 million+ youngest users in India to kickstart their financial journey super early in their life.
Founded in 2019 by IIT Roorkee alumni, Fam is backed by some of the most respected investors around the world like Elevation Capital, Y-Combinator, Peak XV (Sequoia Capital) India, Venture Highway, Global Founder’s Capital and the likes of Kunal Shah, Amrish Rao as angel investors.
About this Role
Join Us as a Cyber Guardian at Fam!
At Fam, we're looking for someone who thinks like a hacker but works for the good guys—someone who's obsessed with ensuring ZERO vulnerabilities in our technology.
As a key member of our security and compliance team, you’ll be the first line of defense, protecting our users' data, money, and identity. Your mission? Keep our digital infrastructure safe and secure, so our users can trust us without a second thought.
If you're ready to take on this responsibility and make a real impact, we want you on our team!

On the Job

• Identify Vulnerabilities: Conduct penetration testing to identify vulnerabilities in FamApp applications and cloud infrastructure
• Security Incident Response: Participate in security incident response, including investigations, root cause analysis, and remediation
• Security Awareness Training: Conduct security awareness training for the team and third-party vendors to foster a culture of security and compliance
• Policies & Compliance: Develop and implement security policies, procedures, and standards to mitigate risks and ensure regulatory and industry compliance
• Audits: Conduct internal and external audits to ensure compliance with laws and regulations, and recommend improvements as needed
• Stay Updated: On security threats and best practices in the industry
• Cross Team Collaboration: Collaborate with teams to implement security controls that align with business requirements and support company goals

Must-haves (Min. qualifications)

• At least 4-7 year of experience in security and IT compliance in Banking Industry
• Prior experience of working in a fintech industry is a must have
• Bachelor’s degree in Computer Science, Information Security, or a related field
• Proficiency with tools such as Burp Suite, Metasploit, Nessus, and AWS Security tools
• Strong understanding of common web application vulnerabilities like SQL injection, XSS, and CSRF
• Familiarity with cloud security concepts and technologies, particularly AWS and Azure.
• Possession of relevant certifications such as CEH, OSCP, or AWS Certified Security – Specialty would be advantageous
• Experience developing and implementing security policies, procedures, and standards

Good to have

• Experience in Capture The Flag (CTF) competitions
• Participation in bug bounty programs and recognition in any hall of fame
• Contribution to CVE (Common Vulnerabilities and Exposures) entries
• Ability to analyze problems efficiently and effectively; you stay calm and focused when outages and incidents occur

Why join us?

• Work in a team of less than 5 members security and compliance team
• Take full ownership of high-impact projects
• Opportunity to grow as a trust, security & IT compliance leader in the industry