System Engineer (1 to 3 years)
Headquartered in India, its flagship product, the PhonePe digital payments app, was launched in Aug 2016. As of April 2025, PhonePe has over 60 Crore (600 Million) registered users and a digital payments acceptance network spread across over 4 Crore (40+ million) merchants. PhonePe also processes over 33 Crore (330+ Million) transactions daily with an Annualized Total Payment Value (TPV) of over INR 150 lakh crore.
PhonePe’s portfolio of businesses includes the distribution of financial products (Insurance, Lending, and Wealth) as well as new consumer tech businesses (Pincode - hyperlocal e-commerce, and Indus AppStore - Localized App Store for the Android ecosystem) in India, which are aligned with the company’s vision to offer every Indian an equal opportunity to accelerate their progress by unlocking the flow of money and access to services.
At PhonePe, we go the extra mile to make sure you can bring your best self to work, every day! And that starts with creating the right environment for you. We empower people and trust them to do the right thing. Here, you own your work from start to finish, right from day one. PhonePe-rs solve complex problems and execute quickly, often building frameworks from scratch. If you’re excited by the idea of building platforms that touch millions, ideating with some of the best minds in the country and executing on your dreams with purpose and speed, join us!
We are seeking a System Engineer with 1-3 years of experience to help maintain our proactive defense posture. You will manage the end-to-end lifecycle of technical vulnerabilities: from initial detection via our Wazuh-ELK stack to the final deployment of patches across our server and workstation fleet. This is a hands-on role requiring a mix of data analysis, security monitoring, and systems administration.
Responsibilities
Regardless of your specific title, your day-to-day will likely revolve around these four pillars:
- Monitoring & Detection: You act as the "eyes" of the organization, using SIEM tools (Wazuh, ELK Stack) to analyze logs and system behavior.
- Vulnerability & Patch Management: Beyond finding security gaps, you are responsible for the entire remediation lifecycle: Scanning, Deployment & Validation.
- Compliance & Reporting: You ensure the infrastructure remains within defined legal and technical boundaries:
  - Drift Monitoring: Identifying systems that fall out of alignment with CIS Benchmarks.
  - Audit Readiness: Generating the data and evidence needed for high-level audits like ReBIT or ISO 27001.
These are the tools and technologies you should be able to navigate without a manual.
- Packet Analysis: Proficiency in Wireshark or Tcpdump to analyze traffic and identify malicious patterns.
- Protocols: Deep understanding of the OSI model, specifically how HTTP/S, DNS, DHCP, and SMB are exploited.
- Infrastructure: Knowledge of VPNs, Proxies, and the difference between Stateful and Stateless firewalls.
- Windows Internals & AD: Understanding Active Directory, Group Policy Objects (GPOs), and how "Living off the Land" binaries (Windows tools used by hackers) work.
- Linux Proficiency: Ability to navigate the CLI, manage permissions, and analyze logs in /var/log using grep, awk, and sed.
- EDR/AV Management: Experience managing Endpoint Detection and Response tools (like CrowdStrike, SentinelOne, or Microsoft Defender for Endpoint).
- Shared Responsibility Model: Understanding what the provider (AWS/Azure/GCP) secures versus what the user secures.
- IAM (Identity & Access Management): Configuring the "Principle of Least Privilege" for users and service accounts.
You don't need to be a software engineer, but you must be able to read and modify code.
- Python: For automating log analysis or API integrations.
- PowerShell / Bash: Essential for interacting with OS environments and automating repetitive administrative tasks.
This is how you apply your technical knowledge to solve problems.
- Log Analysis (SIEM): The ability to write queries in ES|QL (Elasticsearch) or SPL (Splunk) to find needles in haystacks.
- Vulnerability Assessment: Moving beyond just running a scan (Nessus/OpenVAS) to interpreting the results and prioritizing them based on the business context.
- Threat Intelligence: Knowing how to use frameworks like MITRE ATT&CK to map attacker behavior and improve defenses.
Requirements
- Bachelor’s degree in Computer Science, IT, Cybersecurity, or related field.
- 1-3 years of experience in cybersecurity.
- Relevant certifications such as CEH, Security+, CCNA Security, or equivalent are an added advantage.
- Exposure to cloud security concepts is a plus.
- Strong analytical and problem-solving skills.
- Ability to learn and upgrade technical and other non-technical skills.
- Knowledge of security technologies, tools, and best practices.
Listing Details
- Posted: May 13, 2026
- First seen: May 13, 2026
- Last seen: May 13, 2026
