Razorpay
Senior Security Engineer
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Razorpay
Airtribe is an India-based company focused on community-led, expert-driven learning programs aimed at accelerating career growth for professionals in technology and product management. The platform connects learners with over 100 industry experts, creating an interactive environment where participants engage actively with instructors and peers. The company offers structured, immersive learning experiences that emphasize "learning by doing."Key offerings include expert-led courses in product management, software engineering, and design, along with mentorship programs that provide guidance and real-world project experience. Airtribe also supports learners with placement assistance, a job board, and networking events to connect them with hiring companies. With a focus on early to mid-career professionals, Airtribe has built a trusted community of over 40,000 learners, recognized for producing industry-ready talent.
Security at Razorpay
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
“Compliance & data protection: Focus on industry certifications and strong data protection. Encryption & tokenization: Use of TLS and AES and tokenization for sensitive data. Vulnerability disclosure / community collaboration: Razorpay maintains a public bug bounty program. Periodic testing / assessments: Razorpay conducts periodic security assessments. Developer-facing language (developer enablement vs gatekeeping): Information not publicly available. Risk philosophy (risk-based wording, threat modeling): Information not publicly available.”
Security Team
Org structure & reporting line: Information not publicly available. Key public-facing leaders: Information not publicly available. Team size estimate: Information not publicly available. Active AppSec job postings and tooling mentions: Information not publicly available from scraped pages.
Key Initiatives
Vulnerability intake / triage: Razorpay publishes a Vulnerability Disclosure Policy and uses HackerOne for bug reports. Triage/remediation SLAs or ticketing ownership: Information not publicly available. Security Champions program: Information not publicly available. "Shift left"practices (pre-commit, IDE, CI/CD integration): Information not publicly available. Secure SDLC artifacts (threat modeling, security reviews, pen tests): Razorpay references periodic assessments and penetration testing in general security guidance, but no discrete public quote specifying "threat modeling"or required "security reviews for all major features."Recent initiatives (last 6 months): Blog posts and docs emphasize certifications (SOC 3, PCI DSS, ISO 27001), Magic Checkout security, and periodic assessments; no AppSec-team-specific new tool rollouts or policy changes were found on scraped pages.
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.