Activate JobCopilot
About Us:
Paytm is India’s leading digital payments and financial services company, which is focused on driving consumers and merchants to its platform by offering them a variety of payment use cases. Paytm provides consumers with services like utility payments and money transfers, while empowering them to pay via Paytm Payment Instruments (PPI) like Paytm Wallet, Paytm UPI, Paytm Payments Bank Netbanking, Paytm FASTag and Paytm Postpaid - Buy Now, Pay Later. To merchants, Paytm offers acquiring devices like Soundbox, EDC, QR and Payment Gateway where payment aggregation is done through PPI and also other banks’ financial instruments. To further enhance merchants’ business, Paytm offers merchants commerce services through advertising and Paytm Mini app store. Operating on this platform leverage, the company then offers credit services such as merchant loans, personal loans and BNPL, sourced by its financial partners.
About the team:
The Information Security team at Paytm Payments Services limited plays a critical role in shaping the company’s information security strategy, infrastructure, and capabilities. The team helps the organization to identify current cybersecurity risks, threats, and vulnerabilities. To effectively implement the cybersecurity GRC program, PPSL is planning to add dedicated resources for information security Tool/Technologies like Data loss prevention, Cloud Security and SOC (Security operations) etc.
Roles and Responsibilities
The SOC Lead is responsible for leading a dynamic security operations team delivering end-to-end managed security services with strong coverage across incident response, proactive threat defense, secure infrastructure design, and future-ready cloud security initiatives.
Key Responsibilities:
Minimum 5 years of Experience in SIEM (IBM Qradar) implementation and support.
Lead L1-L3 analysts and incident responders in 24x7 threat detection and response operations, ensuring SLAs, SOPs, and escalations are followed.
In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
Define and implement scalable SIEM, SOAR, and EDR-based architecture aligned with MITRE ATT&CK and NIST frameworks.
Technology Integration & Stack Ownership of QRadar (SIEM), Cortex (EDR/XDR), Qualys and Zscaler (Threat Detection), and AWS integration as future expansion.
Drive the Incident Response Lifecycle, from detection to containment, investigation, remediation, and RCA. Use IOC/IOA analysis, automation (SOAR), and EDR telemetry for rapid triage.
Conduct proactive threat hunting using MITRE mapping. Leverage threat intel feeds, UEBA, and behavioural analytics to identify stealthy attackers.
Work with development teams to guide manual code reviews, improve Python/Shell-based security scripts, and embed OWASP Top 10 awareness in secure SDLC practices.
Collaborate with cloud teams to implement and monitor CSPM (e.g., Security Hub, Dome9) and CNAPP tools (e.g., Prisma Cloud, Wiz) for secure posture in AWS/Azure environments.
Build custom SOC dashboards and KPI metrics (MTTD, MTTR, Use Case Efficacy) using SIEMs like QRadar
Ensure adherence to HIPAA, SOX, NIST, and internal GRC policies. Support audits and compliance-driven event reporting.
Deliver weekly/monthly reports on SOC performance and critical incidents to senior leadership & CISO.
Design in-house phishing simulations, SOC drills, tabletop exercises, and secure coding sessions for cross-functional teams.
Manage contracts, PoCs, and performance of cybersecurity vendors (EDR, SIEM, SOAR, threat feeds, cloud security providers).
Qualifications
Bachelor’s degree in computer science, Information Technology, Information Security, or related field.
8-10 years in Cybersecurity, with a focus on SOC leadership, incident response, SIEM engineering, EDR operations, and cloud-native security.
Demonstrated expertise in:
SIEM (IBM QRadar) – Use case development, tuning, threat detection rules
EDR/XDR (Cortex preferred) – Threat triage, endpoint isolation, IOC management
CSPM/CWPP/CNAPP tooling (Prisma Cloud, Wiz, Security Hub) – Preferred for cloud environment maturity
Threat modelling, IOC/IOA analysis, MITRE ATT&CK
Manual code review (Python/Shell), understanding of OWASP Top 10
Familiarity with:
Network tools: Firewalls, WAFs, IDS/IPS, Proxies, Load balancers
IAM and Authentication Protocols: OAuth, SAML, SSO, federated ID
Vulnerability & Patch Management Tools (e.g., Qualys, Nessus)
Knowledge of SOAR, UEBA, CASB tools is a plus.
Strong grasp of NIST 800-53, MITRE, and Zero Trust principles
Certifications (preferred): CISSP/CISM/CCSP with IBM Certified Analyst certification for Security QRadar SIEM.
Interpersonal Skills:
Excellent communication and leadership skills
Experience in performing vendor management
Ability to handle high-pressure situations with key stakeholders
Good Analytical skills, Problem-solving and Interpersonal skills
Creation of reports, dashboards, and metrics for SOC operations and presentation to Sr. Mgmt.
Why join us:
We give immense opportunities to make a difference and have a great time doing that. You are challenged and encouraged here to do meaningful work for yourself and customers/clients. We are successful, and our successes are rooted in our people's collective energy and unwavering focus on the customer, and that's how it will always be.
Compensation:
If you are the right fit, we believe in creating wealth for you. With enviable 500 mn+ registered users, 21 mn+ merchants and depth of data in our ecosystem, we are in a unique position to democratize credit for deserving consumers & merchants – and we are committed to it. India’s largest digital lending story is brewing here. It’s your opportunity to be a part of the story!
Your email job alert is now active!
