Senior Development Engineer II, Security Operations
AI Summary
Senior Security Operations Engineer responsible for end-to-end threat detection, incident response, and threat hunting across cloud, identity, endpoints, SaaS, and AI pipelines to keep the platform secure in production.
About this role
kAIgentic is building the intelligence layer for the world's most ambitious enterprises. Headquartered in Singapore with teams in India and Japan, our software platform helps large organizations evolve as fast as technology itself by turning the tacit know-how locked inside their people into safe, governed, AI-powered operations.
The hardest part of enterprise transformation is not strategy. It is execution. Institutional knowledge lives in people's heads, systems are fragmented, and risk tolerance is low. kAIgentic captures how work actually happens, designs better workflows, and runs them inside an intelligence layer that is observable, auditable, and engineered for the most regulated environments on earth. The outcome is an enterprise that continuously improves.
We are backed by SMBC Group as our founding partner and customer zero, and our platform is already being proven inside one of the most complex, regulated operating environments in the world. That means real problems, real data, and real production impact from Day 1.
The Role
As a Senior Security Operations Engineer, you will own the live defense of kAIgentic’s intelligence layer. You will run our detection, response, and threat-hunting practice across cloud, endpoint, identity, SaaS, and AI surfaces, and keep the platform that financial institutions depend on safe in production every single day.
This is a pure SecOps role. Operational, technical, and high-trust. You will build the detection stack, tune the signal, hunt the threats other tools miss, run incidents to closure, and codify every learning into runbooks, automations, and controls. As we scale into more regulated customers, you will be the engineer who keeps the lights green inside an attack surface that is, by design, AI-native and unusually dynamic.
What You’ll Do
Own end-to-end detection engineering across cloud (AWS, Azure, GCP), identity (Okta, Entra), endpoints, SaaS, and AI pipelines, including detections for prompt injection, model abuse, RAG poisoning, and tool-call misuse.
Run incident response end to end: triage, containment, eradication, recovery, customer communication, and the post-incident review that makes the next incident smaller.
Lead proactive threat hunting against high-value targets across infrastructure, identity, code repositories, secrets, and AI pipelines.
Tune and operate the SIEM, EDR, CSPM, and SOAR stack. Move noisy alerts to automated decisions and keep human judgment where it matters.
Build the SecOps automation layer in Python and SOAR playbooks: enrichments, response actions, evidence capture, ticketing, and customer notifications.
Operate vulnerability management end to end: prioritization, patch SLAs, exception handling, and validation. Hold engineering accountable for fixing what matters.
Run identity threat detection and response (ITDR), including session anomalies, OAuth abuse, MFA fatigue, and AI assistant or service-account token misuse.
Own the on-call rotation, incident drills, tabletops, and game days. Keep the muscle in shape across the team.
Partner with platform, infrastructure, and AI engineering teams to harden model, agent, and tool surfaces against new classes of attack and abuse.
Translate operational learnings into hardened controls, detections, and policies, and feed clean evidence into audit and customer trust workflows when needed.
Use AI fluently across detection authoring, alert triage, incident drafting, and threat enrichment to operate with higher leverage and tighter cycle times.
What You’ll Bring
5+ years in security operations, detection and response, incident response, or threat hunting. This is not a GRC or audit role.
AI-native velocity as a default mode of working (mandatory). Comfortable using AI in day-to-day work to write detections, accelerate triage, draft incident artefacts, and move faster with judgment.
Strong Python or equivalent scripting skills for detection engineering, automation, and tooling.
Hands-on experience with at least one major cloud (AWS, Azure, or GCP) and its security primitives: IAM, KMS, GuardDuty / Defender, VPC, and audit logging.
Hands-on experience operating SIEM (Splunk, Sumo, Elastic, Panther, or similar), EDR (CrowdStrike, SentinelOne, Defender, or similar), and SOAR.
Proven track record of running real incidents to closure end to end, including communication under pressure.
Strong fundamentals: TCP/IP, TLS, OS internals, OAuth / OIDC, Kubernetes basics, and modern attack chains.
Calm under pressure. High-judgment, low-drama operator who improves the team’s composure rather than draining it.
Nice to have
Detection and response experience in regulated industries such as financial services, fintech, regtech, or healthcare.
Familiarity with AI-specific attack surfaces: prompt injection, model exfiltration, agent abuse, RAG poisoning, and tool-call misuse.
Purple-team or offensive security background (OSCP, GPEN, GCIH, or equivalent practical work).
GCFA, GCIH, GCDA, GCFR, OSDA, or equivalent SecOps certification.
Experience standing up or significantly maturing a SecOps function inside a startup.
What great looks like
Early win. You replace the noisiest, lowest-value detections with high-fidelity ones, and meaningfully shorten mean time to triage on the alert classes that matter most.
In a year. You have built a measurably mature SecOps function. Detections cover the attack surfaces that matter, incident response is rehearsed and fast, AI-specific threats have first-class coverage, and our customers feel safer because of the work you do.
Why join kAIgentic?
We are a global team of builders who thrive in ambiguity, care deeply about the customers we serve, and believe the intelligence layer is how enterprise work will be reshaped over the next decade. We are building the connective tissue that lets large companies operate with the speed of a startup and the trust of an institution.
We look for people who:
Combine technical excellence with genuine customer empathy.
Are entrepreneurial and energized by zero-to-one problems with no playbook.
Lead with ownership, integrity, and collaboration, not titles.
Want to help define a new category of enterprise AI, not just ship inside an existing one.
Working here means being surrounded by peers who challenge assumptions, celebrate progress, and build with both courage and care.
Life at kAIgentic
Intelligence layer at the core. You will be shaping the substrate that turns institutional knowledge into governed, production-grade operations. This is enterprise infrastructure with real consequences.
Innovation at enterprise scale. Startup velocity meets the depth, scale, and stakes of mission-critical, regulated environments. Both are non-negotiable.
Ownership from Day One. Your work directly shapes the product, the culture, and the outcomes our customers see.
Learning and growth. You will work alongside seasoned leaders from leading enterprises who have built and scaled global businesses.
A culture of trust. Psychological safety, transparent disagreement, and disciplined experimentation are how we operate, not slogans on a wall.
Global collaboration. Teams across Singapore, India, Japan, Europe, and the US, working as one.
A mission worth the effort. Building something the world has not seen before: an intelligence layer that helps enterprises continuously improve how they run.
