We are looking for a dynamic Senior Security Engineer - SaaS Security Posture Manager to join our team. In this role, you will collaborate closely with our IT, InfoSec, and various business units to ensure the security and integrity of our SaaS products. You will audit configurations, integrate security considerations into the purchasing process, and proactively safeguard our SaaS applications. Your expertise will be essential in maintaining compliance with security standards and protecting our digital assets. This position is open to qualified applicants nationwide. Candidates residing within 50 miles of our San Ramon, CA or San Francisco, CA offices are required to be in the office three days a week (Mondays, Wednesdays, Thursdays).
- SaaS Configuration Auditing: Conduct thorough audits of SaaS application configurations to identify security vulnerabilities, misconfigurations, and compliance gaps.
- Security Integration in Purchase Cycle: Collaborate with procurement and IT teams to integrate security considerations into the purchase cycle of SaaS applications. Review security aspects of potential SaaS solutions before purchase and provide recommendations to mitigate risks.
- Risk Assessment: Assess the security risks associated with SaaS applications, considering factors such as data sensitivity, access controls, and compliance requirements.
- Security Configuration Guidance: Provide guidance and best practices for configuring SaaS applications securely, including user access controls, data encryption, and integration with identity management systems.
- Policy Development: Develop and enforce policies related to SaaS security configurations, ensuring alignment with industry standards and regulatory requirements.
- Vendor Management: Manage relationships with SaaS vendors regarding security-related issues, including conducting security assessments, negotiating security provisions in contracts, and ensuring vendor compliance with security standards.
- Training and Awareness: Develop and deliver training programs to educate internal stakeholders on secure SaaS configuration practices and the importance of security in the SaaS purchase process.
- Continuous Improvement: Stay updated on emerging threats and security best practices related to SaaS environments. Continuously improve auditing processes and integration practices to enhance the security posture of our SaaS offerings.
- 5+ years general experience in information security - operations, engineering, incident response, SOC analyst, etc.
- 3+ years experience auditing SaaS application configurations.
- Experience running projects – either informal PM/TPM experience, or formal.
- Formal education in Computer Sciences/Cybersecurity or related industry certifications (e.g., CISSP, CISM, CCSP, CISA). Bachelor’s degree in Computer Science, Information Security, or a related field is a plus, but not required.
- Proven experience in auditing SaaS application configurations for security vulnerabilities and compliance gaps.
- Familiarity with security frameworks and standards relevant to SaaS environments, such as SOC 2, GDPR, and HIPAA.
- Experience in vendor management and contract review, particularly in relation to security provisions.
- Excellent communication and presentation skills, with the ability to effectively and succinctly convey complex security concepts to non-technical stakeholders.
- Strong analytical and problem-solving abilities, with a meticulous attention to detail.
- Ability to work independently and collaboratively in a fast-paced environment.
- Must learn quickly and adapt to a changing environment and be eager to accept new responsibilities.
#LI-Remote
#LI-RN1