Why This Job is Featured on The SaaS Jobs
SaaS businesses increasingly run on a dense mesh of cloud services, identity providers, endpoints, and logging pipelines, which makes “security tooling hygiene” a foundational capability rather than a niche task. This Security Administrator role is notable because it sits at the operational center of that ecosystem: keeping agents deployed, connectors healthy, and telemetry flowing so detection and response can function across the company’s stack.
For a SaaS career path, the work builds durable competence in the mechanics that underpin modern SecOps—SIEM workflows, alert tuning, and data quality across endpoints and cloud services. That experience tends to translate well across SaaS environments because most teams face the same recurring problems: coverage gaps, noisy detections, brittle integrations, and inconsistent logging. The emphasis on runbooks and configuration standards also develops the operational rigor needed as systems and audit expectations expand.
This role is best suited to someone who prefers structured, detail-oriented work and takes pride in reliability and consistency. It aligns with professionals who want to become strong in security operations fundamentals—working closely with SecOps, Security Engineering, and IT—before moving deeper into detection engineering, platform security tooling, or broader cloud security ownership.
The section above is editorial commentary from The SaaS Jobs, provided to help SaaS professionals understand the role in a broader industry context.
Job Description
Title: Security Administrator
Location: Noida (Hybrid)
Role Overview
The Security Administrator plays a critical operational role in maintaining the health of the security stack and supporting the development of meaningful, high quality alerts. This role ensures the company’s security tools are deployed correctly, integrated well, monitored continuously, and tuned to surface the right signals at the right time across the entire business. The ideal candidate understands security tooling, logging pipelines, SIEM workflows, and the basics of attacker behavior. They are disciplined, proactive, and committed to keeping the environment clean, consistent, and detection ready.
Key Responsibilities
- Maintain the day to day health of all security tools including endpoint security, MDM, logging agents, cloud connectors, vulnerability scanners, and identity tooling.
- Ensure agent coverage is complete and functioning across endpoints, servers, and cloud workloads.
- Monitor dashboards and systems for gaps, misconfigurations, outdated versions, or broken integrations.
- Work with SecOps to build, adjust, and tune alerts that identify suspicious behavior without creating excessive noise.
- Develop and maintain SIEM rules, saved searches, dashboards, and baseline checks.
- Review false positives and help refine logic, thresholds, and detection patterns.
- Ensure logs from endpoints, cloud services, identity systems, and applications are consistently ingested.
- Identify missing data sources and work with Security Engineering or IT to restore coverage.
- Verify parsing, field extraction, and data quality issues that impact alert fidelity.
- Assist with triaging alerts, collecting evidence, and performing initial investigations.
- Run routine system checks and operational health reviews for all security tools.
- Document repeatable runbooks and configuration standards.
- Compliance and Audit Support
- Partner with SecOps for alert development and daily operational work.
- Partner with Security Engineering to support detection pipelines and tool integrations.
- Partner with IT on endpoint health, identity workflows, and user lifecycle alignment.
Required Experience and Skills
- Two to four years of experience working with security or IT tools, SIEM systems, endpoint platforms, or logging systems.
- Experience managing agent deployments, troubleshooting coverage gaps, and maintaining tool health.
- Understanding of SIEM rules, detection logic, or alerting workflows.
- Strong troubleshooting skills and comfort navigating logs and dashboards.
- Ability to execute detailed, repetitive tasks with consistent accuracy.
Preferred Experience
- Experience with Sumo Logic
- Familiarity with common attacker techniques and MITRE ATTandCK.
- Experience with EDR platforms, MDM tools, and vulnerability scanners.
- Exposure to cloud security, identity systems, and configuration management.
What Success Looks Like
- Security coverage remains consistently high across the environment.
- Alerts improve in quality and produce fewer false positives.
- Log ingestion stays healthy, complete, and reliable.
- Tool configurations remain up to date, tuned, and aligned with best practices.
- SecOps and Security Engineering can operate faster because the operational foundation is strong and dependable.
About Us
Sumo Logic, Inc. helps make the digital world secure, fast, and reliable by unifying critical security and operational data through its Intelligent Operations Platform. Built to address the increasing complexity of modern cybersecurity and cloud operations challenges, we empower digital teams to move from reaction to readiness—combining agentic AI-powered SIEM and log analytics into a single platform to detect, investigate, and resolve modern challenges. Customers around the world rely on Sumo Logic for trusted insights to protect against security threats, ensure reliability, and gain powerful insights into their digital environments. For more information, visit www.sumologic.com.
Sumo Logic Privacy Policy. Employees will be responsible for complying with applicable federal privacy laws and regulations, as well as organizational policies related to data protection.
