The Hats You Will Wear
- Plan and execute security compliance programs including PCI DSS, ISO 27001, SOC 2, CICRA, and NIST, ensuring audit readiness and timely closure of findings.
- Drive audit coordination and evidence collection; perform risk assessments, gap analysis, control mapping, and manage risk acceptance and compensating controls.
- Monitor, investigate, and respond to security incidents and alerts using SIEM/XDR platforms; tune alerts and improve detection effectiveness.
- Strengthen cloud security posture across AWS/GCP/Azure (e.g., S3, Load Balancers, Kubernetes, Docker) by enforcing least privilege, secure IAM, logging, and network configurations.
- Identify and remediate cloud and container misconfigurations across Kubernetes and Docker environments.
- Support vulnerability management activities, including coordination of Network and Application VAPT, remediation tracking, and fix validation.
- Provide guidance on OWASP Top 10 risks and review authentication and authorization mechanisms (OAuth 2.0, OIDC, SAML).
- Support integration of security controls into operational and delivery pipelines, including vulnerability scanning and compliance tracking.
- Produce clear security, risk, and compliance reports for technical teams, leadership, and business stakeholders.
The Perfect Fit
- 3+ years of relevant experience in Information Security.
- Hands-on experience with security compliance frameworks such as PCI DSS, ISO 27001, RBI DL, SOC 2, CICRA, or NIST, including auditor interactions.
- Practical experience in security monitoring and incident response using SIEM/XDR tools (e.g., Wazuh or equivalent).
- Strong understanding of cloud security fundamentals across AWS, GCP, or Azure.
- Demonstrated ability in VAPT for Web/Mobile/API/Network. Understanding of OWASP Top 10 and common application security risks.
- Familiarity with authentication and authorization standards such as OAuth 2.0, OIDC, and SAML.
- Ability to communicate security risks clearly to both technical and non-technical stakeholders.
- Experience with security tools such as SIEM platforms, vulnerability scanners, and cloud security tools.
Our Story
Vegapay Technology is a financial technology company that partners with banks and financial institutions to digitize their financial infrastructure. It provides users with a credit suite featuring a wide breadth of modules and no-code configuration to design, deploy, and direct their credit programs. It also provides access to build financial asset products, including Card Management System, LOS, LMS, Co-lending and more.
Founded in 2022 by Gaurav Mittal, Himanshu Agrawal and Puneet Sharma, the startup is a B2B digital lending and Card Management Platform. Vegapay's vision is to liberate financial institutions and fintech enterprises from every technical barrier which hinders offering a lending programme.
Meet the Team
Gaurav Mittal - Gaurav is the Co-Founder and the CEO of the company. He has more than 20 years of experience and has worked with organisations like Zeta, Matchmove, MasterCard, Amex and ICICI Bank.
Himanshu Agrawal - Himanshu is the Co-Founder and the Head of Technology. He is from IIT Kanpur and has more than 14 years of experience working with organisations like Amazon and DE Shaw.
Puneet Sharma - Puneet is the Co-Founder and the Head of Product. He is from IIT Roorkee and has more than 10 years of experience working with organisations like BharatPe, Avail Finance