Security Engineer
Experience: 3-5 years
Location: Coimbatore & Bangalore
AppViewX is trusted by the world's leading organizations to reduce risk, ensure compliance, and increase visibility through automated certificate lifecycle management. At AppViewX, you will get to work with our AVX ONE platform that provides complete certificate lifecycle management and PKI-as-a-Service using streamlined automation workflows to prevent outages, reduce security incidents and enable crypto-agility.
Glimpse of our Team
The core of AppViewX lies within its robust, flexible low-code platform, which is being built by the architecture team. The team designs ready-to-consume solutions that efficiently orchestrate and meet the scalable demands of our ever-growing customers. If you are someone who would like to develop solutions using cutting-edge technologies like Kubernetes, Containers and Service Mesh and design this low-code platform, then this is the right place for you!
Why this role exists
We are hiring a Security Engineer who lives at the intersection of SOC alerting and vulnerability remediation — the work that connects 'something looks wrong' to 'something is fixed.' You will own the close-the-loop motion: triage SOC alerts and vulnerability findings, prioritize against business context and threat intel, assign and chase down remediation owners, and measure what actually got fixed. AI leverage: AI SAST AppSec triage, CSPM for cloud findings, AISOC for L1/L2 alert handling, and your own agents for the repetitive parts of the remediation loop.
What you will own
- SOC alert triage and response. Operate primarily as a SOC engineer and analyst. Triage alerts. Calibrate severity. Route or escalate. Be the human in the loop with AI and Agents operating under your authority.
- Vulnerability alert handling and remediation coordination. Take the daily dose of vulnerability findings (SAST/SCA/Secrets, CSPM, container/infra, endpoint via EDR) and turn it into a managed remediation pipeline. Apply CTEM/risk-context prioritization — CVSS + EPSS + KEV + business context.
- Close-the-loop ownership. Open the ticket, assign the right owner (Engineering / SRE / Corp IT / AppSec), ensure the SLA, run the rescan/retest, document the fix in GRC Platform, and close the ticket. Make 'open and forgotten' a thing of the past.
- SLA enforcement and metrics. Operate the SLA dashboard. Watch for aging items at 75% of the SLA window and escalate. Run the weekly SLA compliance report. Own the monthly CISO view of open vulnerabilities, MTTR trends, and aging by owner.
- Threat hunting partnership. Support the Senior SOC/Detection Engineer on hypothesis-driven threat hunts. Bring vulnerability and remediation context into hunts (e.g., a hunt focused on known unpatched assets).
- AI agents for the loop. Build agents where the work is repetitive: alert deduplication and enrichment, vuln-to-owner routing, SLA reminder cadences, evidence collection for closures, post-mortem drafting. You decide where the human stays in the loop.
- Incident response support. During Severity 1/2 events, serve as a SOC technical contributor — investigation, evidence collection, timeline documentation, customer-advisory technical content (with CSIRT/PSIRT/CISO oversight).
- Customer reports. Be the SOC partner for customer-reported security issues — initial triage, severity calibration, and handoff to the right internal owner with proper escalation.
You may work on
- MDR partnership runbook authorship and detection content engineering.
- Code-level vulnerability fixes (owned by Engineering — you coordinate, prioritize, and verify, and may even help provide or author the code patches).
- Ensuring production patching execution SLAs are completed by SRE/DevOps.
- Endpoint patching execution (owned by Corporate IT — you set SLA expectations and ensure compliance).
- Incident command for Severity 1 events (owned by the Sr. SOC Engineer, escalating to CISO).
First 90 days
- SOC triage shift coverage operational with the SOC Lead — defined handoff cadence, escalation paths, on-call rotation seat.
- Vulnerability remediation pipeline measured end-to-end: time-to-triage, time-to-assignment, time-to-fix, SLA compliance baseline established.
- First AI agent shipped for the remediation loop (e.g., alert enrichment, vuln-to-owner routing, or SLA chase cadence).
- Top 10 highest-aging vulnerabilities triaged and either closed, exception-approved, or escalated with documented compensating controls.
- Weekly SLA compliance dashboard live for the CISO and Director of Security Engineering review.
What we are looking for
Required
- Four or more years in SOC, security operations, vulnerability management, or incident response — with hands-on alert triage and remediation coordination experience.
- Hands-on with SIEM/EDR/XDR tooling (CrowdStrike, Splunk, Sentinel, Chronicle, Sumo, or equivalent).
- Hands-on with at least one vulnerability scanner or AppSec platform (Endor, Snyk, Tenable, Qualys, Rapid7, Wiz, Aqua, AWS Inspector, or comparable).
- Fluency with CVSS v3.1/v4.0, EPSS, CISA KEV, and risk-context prioritization frameworks (CTEM or similar).
- Strong written and verbal communication — you can write a remediation ticket an engineer will actually act on, and you can escalate to the CISO when needed.
- Demonstrated comfort with MITRE ATT&CK and threat-actor TTPs at the conversational level.
Preferred
- Hands-on building AI agents or automations for SOC, vulnerability management, or IT operations work.
- Operational experience with an MDR partner (Expel, Arctic Wolf, Rapid7, Red Canary, or comparable).
- Experience with AISOC platforms.
- GIAC certifications (GCIA, GCFA, GCIH) or equivalent.
- Cloud-native security experience (AWS, Azure, GCP) — you understand cloud findings and can route them to the right owner.
- Familiarity with PKI / certificate management / machine identity — relevant to AppViewX's product domain.
How you operate
- AI-native and AI-first. AI handles the 80 percent — enrichment, classification, routing, drafting. You handle the 20 percent that needs judgment. You build agents to extend the 80, not to replace yourself. You set the standard you ask others to meet.
- Agile operator. You ship in days and weeks, not quarters. You build a workflow Monday, measure it Tuesday, kill or scale it by Friday. You're a 70-percent-now person, not a 100-percent-eventually person.
- Bias to closure. An alert open without a triage decision is a failure. A vulnerability open past SLA is a failure. You operate to close, not to log.
- Human in the loop. You know exactly where AI confidence isn't enough — and you stay in those loops. Customer impact, regulatory exposure, novel attack patterns, low-confidence findings.
- Engineering discipline for SOC work. You instrument everything. Your dashboards exist because you built them. Your SLAs are tracked because you wired the tracking.
- Owner of the loop, not a step in it. You take responsibility for the outcome end-to-end — from alert to closed ticket to documented evidence — even when the actual fix is owned by another team.
- Bridge-builder. Engineering, SRE, Corp IT, and AppSec see you as the SOC partner who makes their lives easier, not harder.
Why AppViewX
- A real mandate to operate an AI-native SOC — with executive sponsorship, modern tooling, and a clear pairing model with the SOC Lead and Senior SOC/Detection Engineer.
- A peer security team committed to AI-first operating principles and engineering discipline applied to SOC work.
- Direct visibility into board-level security reporting via the CISO.
- The chance to help define what an AI-augmented SOC looks like inside a company whose products secure the AI infrastructure of others.
Compensation & benefits
Compensation is calibrated to candidate experience, level, and location. AppViewX offers a competitive base, performance bonus, equity, and a comprehensive benefits package including health, retirement, and learning and development support. Specific ranges will be discussed during the interview process.
Equal opportunity
AppViewX is an equal opportunity employer. We make hiring decisions based on merit, qualifications, and business need, and we welcome applications from candidates of all backgrounds. We do not discriminate on the basis of race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, or any other characteristic protected by applicable law. Reasonable accommodations are available on request for qualified candidates with disabilities.
How to apply
Submit your resume and a brief note (no formal cover letter required) describing one or two SOC, vulnerability management, or remediation outcomes you have personally driven — alerts you triaged, vulnerabilities you closed, SLA improvements you achieved, or automations you shipped — that are most relevant to this role.