SaaS Senior Engineer, Information Security, Architecture and Engineering - Technology Solutions Group
Tech Economy · Boston, MA · 2 mo ago
Information Technology$108k–$130k/yrFull-time
About the role
The SaaS security engineer will lead and scale our SaaS security program, with primary ownership of our SSPM platform and related initiatives.
Responsibilities
- Own and operate the SaaS Security Posture Management (SSPM) platform
- Onboard new SaaS applications into SSPM and define security baselines
- Design and implement secure configuration standards for enterprise SaaS platforms (M365, Salesforce, ServiceNow, Slack, etc.)
- Develop and maintain SaaS security configuration benchmarks
- Improve identity and access controls across SaaS applications (RBAC, MFA, SSO enforcement)
- Integrate SSPM findings into SIEM/SOAR platforms
- Develop detection logic for anomalous SaaS behavior
- Create dashboards and reporting to track SaaS posture and risk trends
- Automate security checks and remediation workflows via APIs and scripting
- Enhance SaaS monitoring and logging coverage
- Serve as a point of contact for security-based escalations and remain tightly involved through resolution
- Assist in third party technical reviews and solution advisement, identifying gaps in existing controls and recommending solutions to vendors
- Partner with Senior Manager and stakeholders to problem solve
- Support team growth and improvement
- Monitor, triage, and remediate SaaS misconfigurations identified by SSPM, automating and documenting to scale to operations
- Identify excessive permissions, risky OAuth grants, and policy drift
- Partner with application owners to drive timely remediation of high-risk findings
- Perform periodic access reviews and privilege audits
- Reduce stale accounts, toxic permission combinations, and overprivileged roles
- Support SaaS-related security incidents and root cause analysis
- Communicate results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging
- Maintain strong third-party awareness via database sources, documentation, etc., to understand the weakness, probability and remediation options supplied by vendors as well as workarounds
- Partner with IT, Engineering, Legal, Procurement, and Risk teams to improve SaaS security posture
- Support SaaS security discussions in vendor risk and audit engagements
- Lead security conversations with application owners and executive stakeholders as needed
- Advocate for secure-by-default SaaS configurations across the organization
Requirements
- Required Undergraduate or similar level of relevant work experience
- 3-7+ years business and/or security experience
- Breadth of analytical, technical and project and time management skills
- Understanding of SaaS security risks and misconfigurations
- Understanding of OAuth and API security
- Understanding of SSO, MFA, RBAC, and common IdPs
- Preferred CISSP, GIAC, Security+, or other relevant course work and certifications
- 3-5 years of enterprise SaaS administration experience (M365, Salesforce, Slack, etc.)
- Understanding of IT environments and practices related to one or more of the following disciplines: Networking, Infrastructure configuration and resiliency, System architecture and configuration, Operating systems, Application development, Operational/IoT technology, Cloud Operations
Qualifications
- Experience with SaaS security tools and platforms
- Experience with cloud infrastructure and SaaS application configuration practices
- Experience with identity and access controls in SaaS applications
- Experience with security monitoring and logging in SaaS environments
- Experience with security incident response and root cause analysis
- Experience with security compliance and regulatory requirements
Skills
- Strong analytical and critical thinking skills
- Excellent communication and collaboration skills
- Technical expertise in SaaS security, cloud infrastructure, and SaaS application configuration practices
- Ability to work independently and as part of a team
- Ability to prioritize and manage multiple tasks and projects simultaneously
- Ability to communicate complex technical concepts to non-technical stakeholders
Benefits
- Annual discretionary performance bonus
- 401(k) company contribution, which increases after 3 years of service and is 100% vested upon start date
- Bain & Company's comprehensive benefits and wellness program
- Generous paid time off, including parental leave, sick leave and paid holidays
- Paid Life and Long-Term Disability insurance
- Annual fitness reimbursements