Security Administrator

The Security Administrator plays a critical operational role in maintaining the health of the security stack and supporting the development of meaningful, high-quality alerts. This role ensures the company’s security tools are deployed correctly, integrated well, monitored continuously, and tuned to surface the right signals at the right time across the entire business. The ideal candidate understands security tooling, logging pipelines, SIEM workflows, and the basics of attacker behavior, and is committed to keeping the environment clean, consistent, and detection-ready.

Must Have

• Maintain day-to-day health of security tools including endpoint security, MDM, logging agents, cloud connectors, vulnerability scanners, and identity tooling.
• Ensure agent coverage is complete and functioning across endpoints, servers, and cloud workloads.
• Monitor dashboards and systems for gaps, misconfigurations, outdated versions, or broken integrations.
• Work with SecOps to build, adjust, and tune alerts that identify suspicious behavior without creating excessive noise.
• Develop and maintain SIEM rules, saved searches, dashboards, and baseline checks.
• Review false positives and help refine logic, thresholds, and detection patterns.
• Ensure logs from endpoints, cloud services, identity systems, and applications are consistently ingested.
• Identify missing data sources and work with Security Engineering or IT to restore coverage.
• Verify parsing, field extraction, and data quality issues that impact alert fidelity.
• Assist with triaging alerts, collecting evidence, and performing initial investigations.
• Run routine system checks and operational health reviews for all security tools.
• Document repeatable runbooks and configuration standards.
• Two to four years of experience working with security or IT tools, SIEM systems, endpoint platforms, or logging systems.
• Experience managing agent deployments, troubleshooting coverage gaps, and maintaining tool health.
• Understanding of SIEM rules, detection logic, or alerting workflows.
• Strong troubleshooting skills and comfort navigating logs and dashboards.
• Ability to execute detailed, repetitive tasks with consistent accuracy.

Good to Have

• Experience with Sumo Logic
• Familiarity with common attacker techniques and MITRE ATT&CK.
• Experience with EDR platforms, MDM tools, and vulnerability scanners.
• Exposure to cloud security, identity systems, and configuration management.

Role Overview

The Security Administrator plays a critical operational role in maintaining the health of the security stack and supporting the development of meaningful, high quality alerts. This role ensures the company’s security tools are deployed correctly, integrated well, monitored continuously, and tuned to surface the right signals at the right time across the entire business. The ideal candidate understands security tooling, logging pipelines, SIEM workflows, and the basics of attacker behavior. They are disciplined, proactive, and committed to keeping the environment clean, consistent, and detection ready.

Key Responsibilities

• Maintain the day to day health of all security tools including endpoint security, MDM, logging agents, cloud connectors, vulnerability scanners, and identity tooling.
• Ensure agent coverage is complete and functioning across endpoints, servers, and cloud workloads.
• Monitor dashboards and systems for gaps, misconfigurations, outdated versions, or broken integrations.
• Work with SecOps to build, adjust, and tune alerts that identify suspicious behavior without creating excessive noise.
• Develop and maintain SIEM rules, saved searches, dashboards, and baseline checks.
• Review false positives and help refine logic, thresholds, and detection patterns.
• Ensure logs from endpoints, cloud services, identity systems, and applications are consistently ingested.
• Identify missing data sources and work with Security Engineering or IT to restore coverage.
• Verify parsing, field extraction, and data quality issues that impact alert fidelity.
• Assist with triaging alerts, collecting evidence, and performing initial investigations.
• Run routine system checks and operational health reviews for all security tools.
• Document repeatable runbooks and configuration standards.
• Compliance and Audit Support
• Partner with SecOps for alert development and daily operational work.
• Partner with Security Engineering to support detection pipelines and tool integrations.
• Partner with IT on endpoint health, identity workflows, and user lifecycle alignment.

Required Experience and Skills

• Two to four years of experience working with security or IT tools, SIEM systems, endpoint platforms, or logging systems.
• Experience managing agent deployments, troubleshooting coverage gaps, and maintaining tool health.
• Understanding of SIEM rules, detection logic, or alerting workflows.
• Strong troubleshooting skills and comfort navigating logs and dashboards.
• Ability to execute detailed, repetitive tasks with consistent accuracy.

Preferred Experience

• Experience with Sumo Logic
• Familiarity with common attacker techniques and MITRE ATT&CK.
• Experience with EDR platforms, MDM tools, and vulnerability scanners.
• Exposure to cloud security, identity systems, and configuration management.

What Success Looks Like

• Security coverage remains consistently high across the environment.
• Alerts improve in quality and produce fewer false positives.
• Log ingestion stays healthy, complete, and reliable.
• Tool configurations remain up to date, tuned, and aligned with best practices.
• SecOps and Security Engineering can operate faster because the operational foundation is strong and dependable.