Application Security Engineer II

Hyderabad, India
full-time

AI overview

Drive application security initiatives by empowering developers with knowledge, conducting regular security assessments, and ensuring secure practices for Zeta's banking products.
About us

Build the future of banking. Zeta is a next-generation banking technology company providing cloud-native, fully stackable processing and core banking platforms for issuers. With a focus on scalability, compliance, and innovation, Zeta empowers financial institutions to modernize their technology infrastructure and deliver secure, seamless digital banking experiences.

Our impact runs at real-world scale. Today, over 25 million cards are live on Zeta-powered platforms across 7 countries, supported by a passionate team of 1,700+ Zetanauts across India, the US, EMEA, and Asia. Backed by SoftBank Vision Fund, Mastercard, and other reputed strategic investors, we reached a valuation of $2 billion in 2025.

Our focus is on establishing product lines that focus on key outcomes by addressing real customer pain points, modernizing legacy systems, and strengthening core fundamentals. As a result, our systems and platforms support a wide range of banking and payments capabilities, including:

  1. Tachyon, our cloud-native banking stack built for population-scale systems
  2. Cipher, our unified authentication platform for secure, high-volume banking environments
  3. Digital Credit as a Service, enabling banks to launch credit lines on UPI
  4. Elena, our intelligent and conversational AI platform for banking
  5. Pixel, India’s first digital-native credit card, launched in partnership with HDFC Bank, for whom we also revamped their PayZapp mobile app: Winner of the Celent Model Bank Award for Payments Innovation 2024
  6. Sparrow, the leading card experience for non-prime cardholders in the US

…and more across cards, payments, lending, and core banking.

We are an engineering-first organization that values ownership, bias for action, and long-term thinking. Together, we solve some of the hardest problems in banking tech. Our culture is built around trust, collaboration, and creating the conditions for you to drive impact proportionate to your potential.

Reinforcing our commitment to creating an inclusive and supportive workplace, we have been consistently recognized as a Great Place to Work. If you want to build cutting-edge banking tech that enables banks to serve millions reliably, securely, and at a population scale, Zeta is your playground. If you would like to learn more about how we have grown and evolved over the years, watch our journey here. You can also explore our website and follow us on LinkedIn, Instagram, YouTube, and X.

Zeta is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We encourage applicants from all backgrounds, cultures, and communities to apply and believe that a diverse workforce is key to our success.

About the Role
  • This role is part of the Risk & Compliance Team, Engineering division of Zeta. The Application Security Engineer is responsible for securing all mobile & web applications along with APIs by breaking and hacking them and educating Developers as well as DevOps teams on how to fix them. The objective is to make Zeta applications and platforms secure. As Application Security Engineer of the Product Security sub-division, you will be responsible for securing all of Zeta’s products. You will be working as an individual contributor reporting to a manager.
  • Perform regular VA/PT for Web & Mobile applications, API & Infrastructure
  • Guide developers in fixing security issues.
  • Regular code reviews
  • Take part in application design discussions.
  • Perform Threat Modelling of Web/Mobile applications.
  • Develop secure code practices and educate dev and QA engineers by building security standards, policies for secure coding, secure data handling, secure networking, secure crypto implementation, etc.
  • Evaluate & integrate security testing tools (SAST, DAST, SCA) into CI/CD pipelines.

Responsibilities
  • Guide the technology organization's security and privacy initiatives by participating in design reviews and threat modeling.
  • The applications are developed by the developers and product managers, and you will make sure the applications are secured and hardened.
  • You will define the scope and ensure continuous adherence to the scope of projects at each phase (initiation to sustenance/maintenance phase).
  • You will be responsible for creating visibility, and adoption of the projects meant for internal customers.
  • Act as a security engineering expert and technical champion within Zeta.
  • Assess gaps and tools to improve application security.
  • Liaising with all external and internal stakeholders for the team.
  • Mentoring developers and QA.
  • Evaluate bugs reported through the Bug Bounty program.
  • Run security posture of various applications across BUs.
  • Continuous improvement of web/mobile application security
  • Quarterly VA/PT (internal/external, authenticated/non-authenticated) for mobile/web.
  • Secure configuration of Web/Mobile application, DB, Data etc.

Skills
  • Hands-on VA/PT experience in Web, Mobile, API & Network
  • Thorough understanding of OWASP Top 10, their attack & defence mechanisms
  • Exposure to Secure SDLC Activities, Threat Modelling & Secure Coding
  • Experience with both commercial and open source tools like Burp Suite, AppScan, OWASP ZAP, BeEF, Metasploit, Qualys, Nessus, Snyk etc.
  • Identifying & exploiting business logic-related vulnerabilities.
  • Solid understanding of Cryptography, knowledge of PKI-based systems, TLS
  • Understanding of different AuthN/AuthZ frameworks (OIDC, OAuth, SAML); able to read/write/understand Java code
  • Performed Static Analysis, Code reviews using tools like Snyk, Veracode, Checkmarx, SonarQube etc.
  • Hands-on experience reversing mobile applications, class/smali files, data obfuscators, or ciphers (Dex2jar, adb, Drozer, Clang, iMAS) and with Dynamic Instrumentation tools like Frida/Objection
  • Execute penetration tests and security assessments on internal and external networks, Windows and Linux environments, cloud (AWS) Infrastructure.
  • Identify and exploit incorrect configurations and security vulnerabilities on Windows and Linux servers. Safely utilize tools, tactics, and procedures used in penetration testing engagements.
  • Shell scripting or automation of simple tasks using Python or Ruby
  • Knowledge of PA-DSS, PCI SSF (S3, SSLC) etc.
  • Knowledge of security standards like PCI DSS, UIDAI, GDPR, NIST etc.
  • Understanding of Java Frameworks like Spring Boot, CI/CD, Jenkins.
  • In-depth understanding of production operations on public cloud infrastructure.
  • Excellent written and oral communication and a penchant for technical documentation.
  • Must have participated in various bug bounty programs (HackerOne, Bugcrowd, Private etc.)
  • Experience in conducting hackathons and CTFs
  • Knowledge of AWS/Azure (VPC/VNet, S3 buckets, blob stores, load balancers etc.), Docker & Containers, Kubernetes
  • Good understanding of agile development practices.
  • Certifications like OSCP (Preferred), GWAPT, Advanced Web Attacks and Exploitation (AWAE), CompTIA Security+
  • Knowledge of Databases - PostgreSQL, Redshift, MySQL etc. and other data stores like Elasticsearch and S3 buckets.

Experience and Qualifications
  • 2+ years of experience in developing large scale internet or SaaS applications.
  • 2 to 3 years of overall experience as Web/Mobile Application Security engineer or Developer in medium to large-sized product companies.
  • Bachelor of Technology (BE/B.Tech), M.Tech or ME in Computer Science or equivalent from a Tier-1 engineering college/university

Zeta Optima is changing how corporates manage employee meal e-vouchers and other digital tax-saving benefits. All Optima grants can be used via app, card or tag.
