Senior Security Engineer (Microsoft Stack)

About Xeo Software

At Xeo, we build enterprise-grade software with a focus on performance, reliability, and scalability. We're expanding our presence in India and seeking a security expert to help us raise the bar by securing our infrastructure, applications, and deployment pipelines from the ground up.

If you're the kind of engineer who can walk into a system, spot weaknesses before attackers do, and harden environments without being told what tool to use we'd like to meet you.

Our Core Values Come First

At Xeo Software, we believe skills can be taught, but values must be shared. To thrive here, you must not only be technically strong you must live out the principles that define how we work together and with our clients.

Two-Way Candor

We speak directly and respectfully, even when conversations are hard. We invite honest feedback and give it in return, knowing it strengthens trust and outcomes.

Excellence & Professionalism

We take pride in doing things right the first time. That means going beyond good enough polishing details, documenting solutions, and holding ourselves to the highest standard.

Continuous Learning

Technology evolves fast, and so do we. We actively seek out new tools, share knowledge with teammates, and integrate innovations that drive better results.

Loyalty to Team & Clients

We succeed together. We support one another, assume good intent, and show the same loyalty to our clients that we do to our coworkers.

If these values resonate with you, you'll feel at home here. If not, no matter your technical skills, this isn't the right place for you.

Role Overview

Senior Security Engineer

clean external penetration test within six months

Key Responsibilities

• Secure our infrastructure

  : Harden Windows servers, VMware environments, FortiGate firewalls, and Microsoft-stack applications.

• Integrate security into DevOps

  : Embed security checks into CI/CD pipelines (DevSecOps), automate vulnerability scanning, and enforce least-privilege access.

• Threat detection & monitoring

  : Deploy and manage SIEM, IDS/IPS, and endpoint protection tools; tune alerts and response playbooks.

• Vulnerability management

  : Conduct continuous assessment, patching, and configuration audits across systems and applications.

• SOC 2 readiness

  : Implement and maintain technical controls required for certification, collaborating with external auditors as needed.

• Policy foundation

  : Define practical security standards and technical baselines (system hardening, password policies, patch cadence, etc.).

• Advisory leadership

  : Serve as the organization's primary voice for infrastructure and application security, guiding engineers and management.

Required Skills & Experience

• 7+ years of experience in

  cybersecurity or systems security engineering

  , with at least 3 years in a

  Microsoft-centric environment

  .
• Deep expertise in

  Windows Server

  ,

  Active Directory

  ,

  VMware

  ,

  FortiGate firewalls

  , and

  Azure or Microsoft 365

  ecosystems.
• Proven experience integrating

  DevSecOps practices

  into CI/CD pipelines (e.g., Azure DevOps, GitHub Actions, Jenkins).
• Hands-on proficiency with

  threat detection tools

  ,

  vulnerability scanners

  , and

  endpoint protection

  suites.
• Working knowledge of

  SOC 2

  or similar frameworks (ISO 27001, NIST 800-53).
• Strong understanding of

  network segmentation, identity management, encryption

  , and

  secure application deployment

  .
• Experience conducting or preparing for

  external penetration testing

  engagements.
• Excellent documentation and communication skills able to explain complex risk and remediation paths clearly.

Preferred Qualifications

• Relevant certifications:

  CISSP

  ,

  OSCP

  ,

  CEH

  ,

  AZ-500

  , or

  MS-500

  .
• Experience in

  security automation

  (PowerShell, Python, Terraform, etc.).
• Prior work in a

  product engineering company

  or

  security consultancy

  environment.

Why Join Xeo

• Autonomy and ownership:

  You'll set the direction for Xeo's technical security from day one.

• Visible impact:

  Your work will be benchmarked against independent security validation (pen tests, SOC 2).

• Collaborative, engineering-first culture:

  We value clean design, smart automation, and technical excellence.

Growth opportunity: