Risk Analyst (Security Engineering) Job in Bengaluru at PhonePe

Phone Pe is hiring for the role of Risk Analyst (Security Engineering)!

Responsibilities of the Candidate:

• Perform comprehensive risk assessments for our mobile & web applications, prioritizing vulnerabilities and security risks and driving effective mitigation/remediation strategies. Evaluate risks based on their potential impact, likelihood, and business context, and provide actionable and time-bound recommendations for mitigation
• Maintain vulnerability management lifecycle as per organization standards concerning industry standards and practices
• Analyse scan results and collaborate with development teams to coordinate timely remediation efforts
• Collaborate closely with development teams to define and implement effective mitigation strategies for identified vulnerabilities
• Assist in the design and implementation of secure coding practices and application security controls
• Provide guidance and training to development teams on risk assessment methodologies, vulnerability management best practices, and secure coding principles
• Promote a culture of security awareness and proactive risk management
• Maintain detailed records of risk assessments, vulnerability assessments, and mitigation efforts. Generate clear and concise reports and documentation for stakeholders, including management, development teams
• Work collaboratively with cross-functional teams, including developers, quality assurance engineers, and IT personnel, to ensure that security considerations are integrated throughout the software development lifecycle
• Stay informed about emerging security threats, vulnerabilities, and industry trends

Requirements:

• Bachelor's degree in Computer Science, Information Security, or a related field
• Proven experience in risk analysis, vulnerability management, and application security, with a focus on identifying and mitigating vulnerabilities in mobile & web applications
• Familiarity with vulnerability scanning tools, penetration testing methodologies, and risk assessment frameworks
• Strong understanding of application security principles, secure coding practices, and common software vulnerabilities
• Excellent analytical skills, with the ability to assess risks and prioritize based on potential impact and likelihood.
• Effective communication skills, including the ability to convey technical concepts to technical and non-technical stakeholders.
• Familiarity with regulatory compliance standards and industry security frameworks is a plus
• Relevant certifications such as Certified Ethical Hacker, Certified Information Systems Security Professional (Certified Information Security Manager, or Certified Information Systems Auditor are advantageous)
• Self-motivated and capable of working independently, as well as collaboratively within a team environment