Sr. Security Engineer - Information Security

Pinkvilla is seeking a dynamic Information Security professional, who will contribute to strengthening our security posture by working closely with cross-functional teams, monitoring threats, securing applications, and ensuring compliance with security standards and best practices.

Key Responsibilities:

Application & Infrastructure Security

• Perform secure code reviews and application penetration testing.
• Collaborate with development teams to integrate security into the SDLC/DevSecOps pipeline.
• Identify and remediate vulnerabilities in web and mobile applications.
• Conduct vulnerability assessments and coordinate remediation with infrastructure teams.
• Ensure cloud/on-prem environments adhere to security baselines and compliance requirements.

Security Operations & Incident Management

• Monitor, analyze, and respond to security alerts using SIEM and other security monitoring tools.
• Perform log analysis, threat detection, and incident response coordination.
• Create and maintain playbooks and standard operating procedures for incident response.

• Support continuous improvement of SOC processes and threat intelligence capabilities.

Governance, Risk & Compliance (GRC)

• Support security governance activities, including policy development and review.
• Assist in maintaining compliance with security standards (ISO 27001, NIST, CIS, PCI-DSS, etc.).
• Conduct periodic risk assessments and ensure mitigation plans are in place.
• Participate in internal/external security audits and drive remediation efforts.

Qualifications:

• Bachelor’s degree in Computer Science or Information Security or related field
• 4–6 years of experience in Information Security roles covering Application Security, SOC, Infrastructure Security.
• Knowledge of application security tools (e.g., Burp Suite, Fortify, Veracode, OWASP ZAP).
• Hands-on experience with SIEM tools (e.g., QRadar, Sentinel), vulnerability scanners, and endpoint protection tools
• Excellent verbal and written communication skills with attention to detail
• Strong project management skills
• Strong analytical and problem-solving skills, with ability to work under pressure.

Preferred Skills:

• Relevant certifications: CEH, OSCP, GWAPT, Security+, or similar.
• Experience with cloud security (Azure/GCP).
• Exposure to automation/scripting for security operations (Python, PowerShell, Bash).