Security Engineer

Location:  New Delhi, India

About Us:

At Sauce Labs, we empower the world's top enterprises - like Walmart, Bank of America, and Indeed - to deliver quality web and mobile applications at speed. Our industry-leading platform ensures continuous quality across the SDLC, using AI-powered analytics to identify key quality signals from development through production. With our unified solution, teams can release and innovate with confidence, knowing their apps will always look, function, and perform exactly as they should. Backed by TPG and Riverwood Capital, we are shaping the future of digital confidence - join us!

The Role:

We are seeking a highly motivated and detail-oriented Security Engineer to join our Security Blue Team. This is an excellent opportunity for an individual passionate about cybersecurity to grow their experiences across a wide array of infrastructure and technologies, including mobile devices, Kubernetes, public cloud, and on-premises infrastructure. You will play a vital role in identifying vulnerabilities, implementing security controls, and contributing to our overall security posture.

Responsibilities:

• Assist in the implementation and maintenance of security controls across our macOS, Linux, and Kubernetes environment, with a focus on Ubuntu and Google Kubernetes Engine.
• Assist the IT team in securing and monitoring corporate workstations and devices.
• Conduct regular security assessments and vulnerability scans using tools like Tenable Nessus or OpenVAS.
• Analyze security events and notifications, escalating internally as necessary.
• Perform triage and maintain ownership of vulnerabilities across a wide range of sources and teams.
• Apply knowledge of common security frameworks (MITRE ATT&CK, OWASP Top 10, CIS, etc.) to assess and improve security measures.
• Contribute to securing our cloud infrastructure, with a preference for Google Cloud Platform, applying CSPM and general cloud security best practices.
• Develop and maintain shell scripts (zsh or bash) for automation and security-related tasks.
• Establish, own and report on security-focused metrics, such as number and type of incidents, response times, SLA commitments, failed login attempts, or key rotation frequency. 
• Document security configurations, procedures, and incidents.
• Own security-related policies and associated evidence and artifacts, including drafting and supporting policies critical to industry-standard audit programs and certifications.
• Participate in an on-call rotation supporting nights and weekends.
• Shift working hours to participate in global team ceremonies such as Stand Up, Planning, Refinement, and Retrospectives.

Required Skills:

• Associate's or Bachelor's of Science degree in a relevant field, or equivalent practical experience.
• 3-5 years of hands-on experience in IT support, systems administration, or cybersecurity-related positions.
• Demonstrable knowledge of Linux servers, preferably Ubuntu, including related usage and basic administrative tasks.
• Proficiency in a shell scripting language, such as zsh or bash.
• Familiarity with common security frameworks, such as MITRE ATT&CK, MITRE ATLAS, OWASP Top 10, Cyber Kill Chain, Pyramid of Pain, or similar.
• Understanding of Cloud Security Posture Management (CSPM) and general Cloud Security practices in at least one major cloud provider, with a preference for Google Cloud Platform.
• Experience leveraging vulnerability and security scanning tools, such as Tenable Nessus and OpenVAS, as well as the more generic scanning categories of SAST, DAST, and SCA.
• Experience working with or as a Cybersecurity Analyst.
• Experience working in verticals such as infrastructure security, application security, mobile security, corporate endpoint security, or SaaS Security.
• Builder and ownership mentality.

Nice-to-Have Qualifications:

• Experience administering macOS workstations.
• Experience securing corporate endpoints and workstations, such as Windows, macOS, Android, or iOS, especially in a hybrid work environment.
• Experience as a SysAdmin.
• Experience with programming or automation systems, such as Ansible, Python, or SaltStack.
• Experience building a highly available open source SIEM, such as Wazuh, Security Onion, or building from scratch leveraging technologies such as Graylog, ElasticSearch or OpenSearch, or similar.
• Experience responding to or managing IDS systems, such as Suricata, Zeek, Snort, Wazuh, Falco, or similar.
• Experience with DFIR tools, such as Velociraptor, OSQuery, or similar.
• Experience managing and owning the deployment and implementation of critical inline security systems – such as an IDP, WAF, or Taps – in a production environment.
• Experience with Kubernetes, either as a user or administrator, at a level equivalent to CKAD, CKA, or CKS.
• Experience in TPRM.
• Experience with industry-standard auditing frameworks and certifications, such as SOC 2, ISO 27001, or ISO 42001.
• Experience using and/or security AI or LLM systems.

Please note our privacy terms when applying for a job at Sauce Labs.

Sauce Labs is proud to be an Equal Opportunity employer and values diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender identity/expression/status, sexual orientation, age, marital status, veteran status or disability status.

Security responsibilities at Sauce

At Sauce, we will commit to supporting the health and safety of employees and properties, partnering with internal stakeholders to learn and act on ever-evolving security protocols and procedures. You’ll be expected to fully comply with all policies and procedures related to security at the department and org wide level and exercise a ‘security first’ approach to how we design, build & run our products and services.