HDFC Bank SDE onboarding and first 90 days tips 2026

TL;DR

HDFC Bank SDE onboarding is a compliance-heavy gauntlet, not a technical ramp-up. Your first 90 days are judged on risk awareness, not code volume. The real test is navigating bank-grade security, legacy integrations, and the unspoken hierarchy between tech and business teams.

Who This Is For

This is for the SDE who just cleared HDFC’s 5-round loop (2 coding, 1 system design, 1 behavioral, 1 business alignment) and is staring at a 18-22 LPA offer letter. You came from a product company where shipping fast was the metric—here, shipping safe is the only metric. Your background is either a fintech startup or a non-bank FAANG team, and you’re about to learn that “agile” in banking means something entirely different.

What actually happens in HDFC Bank SDE onboarding week 1?

Onboarding is a 10-day compliance marathon, not an engineering orientation. Day 1 is HR paperwork and a 4-hour session on RBI circulars, not repo access. In a 2025 cohort, a new SDE was flagged for asking for Git access on day 2—it was denied until day 7, post-security clearance. The signal isn’t eagerness; it’s patience with process.

The real onboarding test is the Infosec quiz: 50 questions, 80% pass rate required, 3 attempts max. Fail, and you’re in a remediation queue with a 1:1 with the CISO’s team. Not a coding challenge, but a filter for who respects the risk framework.

You’ll get your laptop with a locked-down Windows image, no admin rights, and a Citrix workspace for legacy apps. The first technical task isn’t coding—it’s configuring your dual-auth tokens for 7 different systems.

How do HDFC Bank managers evaluate SDEs in the first 30 days?

Your manager isn’t judging your PRs; they’re judging your ability to trace a transaction. In a Q1 2025 debrief, a senior EM downgraded a new hire’s rating because they couldn’t explain how a UPI settlement failure propagated through the core banking ledger. The problem wasn’t the fix—it was the lack of system-level curiosity.

The first 30 days are about mapping the org: who owns the payment gateway, who owns the ledger, who owns fraud detection. The unspoken rule: tech doesn’t move without business sign-off. A new SDE once deployed a hotfix to a payment service without looping in the product risk team—it was rolled back within 2 hours, and the incident was logged as a “process violation,” not a technical error.

Your standups aren’t about velocity. They’re about blockers, and the only acceptable blocker is “waiting on compliance.” Everything else is on you.

What should an SDE focus on in days 30-60 at HDFC Bank?

Days 30-60 are about proving you can touch production without breaking it. You’ll be assigned a “buddy”—usually a senior SDE with 5+ years in the bank—whose job is to veto your changes, not mentor you. In a 2024 retro, a buddy confessed: “I’ve rejected 12 PRs this month. 11 were correct. 1 would’ve caused a settlement mismatch.”

The key deliverable is your first end-to-end change: a bugfix or minor enhancement that requires coordination with at least 3 teams (fraud, settlements, customer service). The metric isn’t lines of code—it’s the number of approvals you secure without escalation.

You’ll also start shadowing the on-call rotation. But here, on-call isn’t about incidents—it’s about incidents that could trigger an RBI audit. A Sev-2 in HDFC isn’t “site down”; it’s “transaction discrepancy detected by internal audit.”

How do you survive the first 90-day review at HDFC Bank?

The 90-day review is a pass/fail gate, not a calibration. In a 2025 calibration meeting, a hiring manager noted: “We’ve let go of 2 SDEs in the last 6 months for process violations, not performance.” The review isn’t about your output—it’s about your adherence to the bank’s risk posture.

You’ll present a 10-slide deck: 3 slides on what you’ve learned, 3 on what you’ve delivered, 4 on risks you’ve identified. The deck is reviewed by your EM, skip-level, and a risk manager. The risk manager’s feedback is the only one that matters.

The most common failure mode: overpromising. A new SDE committed to “reducing settlement latency by 20%” in their 90-day plan. The risk team killed the initiative on day 45 because it required a change to the ledger reconciliation logic. The SDE’s mistake wasn’t the goal—it was not pre-validating with risk.

What are the unspoken rules of HDFC Bank SDE culture?

The hierarchy is business > risk > tech. In a 2025 architecture meeting, a principal SDE proposed a microservice refactor to improve scalability. The head of settlements shut it down: “We don’t optimize for scale. We optimize for auditability.” The tech team’s job is to enable business outcomes, not drive them.

Code reviews are slow by design. A PR for a critical path (e.g., payment processing) requires 4 approvals: EM, risk, fraud, and compliance. The average PR in HDFC’s payment team has a 7-day review cycle. The signal isn’t speed—it’s thoroughness.

The worst thing you can do is say “this is how we did it at [FAANG].” In a 2024 skip-level, a new SDE suggested using a feature flag system to decouple deployments. The skip-level’s response: “We don’t do feature flags. We do controlled rollouts with rollback plans approved by risk.” The problem wasn’t the idea—it was the framing.

How do you build credibility with non-tech teams in HDFC Bank?

Credibility comes from speaking their language. In a 2025 incident postmortem, a new SDE lost the room when they described a bug as “a race condition in the transaction queue.” The business team didn’t care about the race condition—they cared that 127 customers were double-charged. The SDE’s mistake wasn’t technical—it was not translating the issue into business impact.

The fastest way to earn trust is to volunteer for “boring” work: documentation, post-incident reviews, compliance audits. In a 2024 team retro, a senior SDE noted: “The most respected engineers here aren’t the ones who write the most code. They’re the ones who write the most runbooks.”

You’ll also need to learn the bank’s internal tools. HDFC uses a mix of in-house and legacy systems (e.g., Finacle for core banking, custom fraud detection). A new SDE who spends their first month mastering these tools will outperform one who tries to introduce new ones.

Preparation Checklist

Map the org: Identify the owners of payment gateway, ledger, fraud detection, and compliance within your first 2 weeks.
Pass the Infosec quiz on the first attempt—anything less signals carelessness.
Shadow at least 3 on-call shifts in your first 60 days to understand the bank’s incident taxonomy.
Deliver one end-to-end change (bugfix or minor enhancement) that requires 3+ team approvals by day 60.
Document every process you touch—HDFC rewards runbooks over repositories. Work through a structured preparation system (the PM Interview Playbook covers risk-aware engineering in regulated environments with real debrief examples).
Secure a 1:1 with a risk manager to align your 90-day plan with their priorities.

Mistakes to Avoid

BAD: Deploying a hotfix without business sign-off. GOOD: Escalating the urgency to the risk team and waiting for written approval.
BAD: Proposing a technical solution without a business impact slide. GOOD: Framing every change in terms of customer risk, auditability, or settlement accuracy.
BAD: Assuming Git access means you can push to production. GOOD: Treating every commit as a compliance event, not a code event.

FAQ

Will I get admin rights on my laptop?

No. HDFC Bank laptops are locked down—no admin rights, no local installs, and no exceptions. Even senior engineers must submit tickets for software requests.

How long until I can push code to production?

Expect 3-4 weeks for sandbox access, 6-8 weeks for production access. The delay isn’t technical—it’s compliance. Your first PR will require approvals from at least 3 non-tech teams.

What’s the biggest reason SDEs fail their 90-day review?

Process violations. HDFC Bank has zero tolerance for bypassing approvals, misclassifying incidents, or failing security training. Technical mistakes are fixable; compliance mistakes are fireable.

Ready to build a real interview prep system?

Get the full PM Interview Prep System →

The book is also available on Amazon Kindle.