Security Operations Engineer
Kovai.co is a catalyst, sparking a revolution in the world of enterprise software and B2B SaaS. We are a technology powerhouse delivering best-in-class enterprise software and game-changing SaaS solutions across industries.
At Kovai.co, we're rewriting the B2B landscape by empowering over 2, businesses worldwide with our award-winning SaaS solutions.
Our Products: Biztalk, Turbo, Document
“UK headquarters. Indian innovation. Global impact.”
Our journey has been nothing short of remarkable, having witnessed exponential growth and profitability right from our inception.
We are on track towards $30 million in annual revenue – and we're just getting started.
Kovai.co is fueled by a tribe of thoughtful helpers, obsessed with empowering customers, uplifting colleagues, and igniting our own journeys.
Redefining tech is our game. Are you in? Join Kovai.co – where passion meets purpose.
Role Summary:
We are seeking a hands-on Security Engineer to own infrastructure security, vulnerability assessment, patch risk analysis, and incident response in a SaaS environment. This role will act as the primary security owner for endpoints, cloud infrastructure, identity, and network security in the absence of a dedicated SOC, while balancing security risk and product stability.
Key Responsibilities
1. Vulnerability Assessment & Risk-Based Patch Management
- Perform infrastructure-level vulnerability assessments (VAPT) across cloud, servers, endpoints, networks, and identity systems.
- Assess Windows OS and third-party security updates, evaluating exploitability, CVSS severity, and business/product impact.
- Set up and maintain sandbox or staging environments to test patches before production rollout.
- Define patch deployment strategies (immediate, phased, deferred with compensating controls).
- Track vulnerabilities from discovery to closure with clear risk acceptance or remediation decisions.
2. Endpoint & OS Security
- Secure and harden Windows/Linux endpoints and servers using CIS benchmarks and security baselines.
- Manage and tune endpoint protection platforms (AV, EDR, XDR).
- Investigate malware or suspicious activity, isolate affected systems, and perform root cause analysis (RCA).
- Reduce attack surface by enforcing secure configurations and least privilege.
3. Cloud, Identity & Access Security
- Secure Azure infrastructure using Defender for Cloud / Azure Security Center and native controls.
- Manage and review Azure Entra ID (Azure AD):
  - User access reviews and role hygiene
  - Privileged identity and conditional access
- Identify risks from unmanaged or shadow SaaS applications (paid and free).
- Assess credential exposure risks, MFA gaps, and excessive access.
4. Network & Perimeter Security
- Review and maintain firewall rules, VPNs, NAT, and network segmentation.
- Conduct network vulnerability and configuration reviews.
- Validate intrusion prevention, threat filtering, and secure connectivity.
5. Incident Detection & Response (No SOC Environment)
- Act as the first responder for security incidents in the absence of a SOC.
- Monitor security alerts from endpoint, cloud, and identity platforms.
- Correlate events, determine impact, and lead containment and remediation.
- Document incidents, lessons learned, and preventive actions.
6. Governance, Documentation & Continuous Improvement
- Translate technical vulnerabilities into clear business risk statements.
- Maintain vulnerability reports, patch risk assessments, and security baselines.
- Support audits and compliance efforts (ISO , NIST, CIS).
- Continuously improve security processes and tooling coverage.
Tools & Technologies
- Vulnerability Assessment: Nessus, Qualys, MS Defender Vulnerability Management, NMAP
- Patch & MDM: Intune, ManageEngine, WSUS, Zoho Endpoint Central (planned)
- Endpoint Security: Microsoft Defender, CrowdStrike, SentinelOne, Sophos Central (planned)
- Cloud & Identity Security: Azure, Azure Entra ID, Azure Defender, Azure Sentinel (optional, not SOC-driven)
- Network Security: Sophos XGS , Sophos Connect VPN SSL, FortiGate, Palo Alto, Cisco ASA
- Email & SaaS Security: O Defender, O Exchange, O SharePoint, O Purview, MS Teams Admin portal
- Dev & Collaboration Tools: Visual Studio Admin, MS DevOps
- Support & Operations Tools: Freshdesk, Freshservice
- Physical & Biometric Security: EZ View (CCTV), NetX-Spectra (Biometric App)
Experience & Skills
- 4–8 years in infrastructure/cloud security
- Strong Windows security and patching experience
- Azure security & identity management expertise
- Ability to make and justify risk-based security decisions
- Comfortable working independently without a SOC
Equal Opportunities:
Kovai.co is committed to building a workforce that reflects the richness of our society. We believe in fostering a culture of belonging and respect for all. Kovai.co stands firmly against discrimination, ensuring equal opportunity for everyone to build a successful career.
Job Details
- Employment type: Full-time
- Remote: No
- Location: Coimbatore, Tamil Nadu, India