Sr Staff Security Compliance Research – SaaS
Full Job Description
Contribute your network expertise and research expertise to the development of the latest SaaS security product. Assist us in scaling our research on SaaS applications to a large number of applications and in performing manual and automated checks on SaaS application signatures.
We are searching for research engineers with strong scripting abilities and an eye for patterns and abnormalities in network data. Box, Dropbox, GitHub, Google Apps, Slack, Salesforce and other SaaS services are all protected by this fast-growing cloud service. SaaS Inline Security technologies enable customers to secure data moving between all sanctioned and unsanctioned SaaS app instances. A unique opportunity to build enterprise-class cloud security solutions that assist provide visibility and protection in a world of ever-expanding SaaS applications.
- Understand various security complicated frameworks such as NIST, CSF, Fedramp, ISO27001, SOC2, PCI DSS etc. Map various SaaS Application configurations and value to various aspects of these compliance standards
- Understand API’s provided by SaaS Applications and automate remediation in case SaaS Instance configuration is not compliant with a given standard
- Involve in the complete development life cycle starting with research on various requirements, understand & define functional specs, convert them into solid signatures with high efficacy/quality & measure the efficacy based on production data
- Research the best practice of security posture of the SaaS applications
- Research and make new features as SaaS applications release new security settings or features
- Develop necessary tools to assist with research, development & maintenance of application signatures
- Work closely with the technical support team to handle customer escalations- Analyze the product gaps that resulted in customer issues and improve the signature resiliency and test strategy
- Support our product and development teams with practical knowledge on security posture and security testing
- E2E ownership for a set of SaaS apps from research, signature development, testing, monitoring & maintenance
- Work closely with all stakeholders in various phases of signature development to ensure high quality delivery as per requirements.
What we expect from you
- 5+ years of experience.
- Knowledge of NIST CSF, FedRamp, ISO27001, SOC2, PCI DSS, etc.
- Knowledge of security threats, strategies, procedures, and solutions.
- Detect complicated security and configuration concerns.
- Good Best methods for protecting SaaS Applications.
- Understand best practises for network configuration, IAM, logging, and firewall settings.
- Comprehend and research third-party API documentation.
- Expertise in web data formats such as JSON and MIME.
- Understanding of TCP/IP, SSL/TLS, and DPI.
- Admin experience (Salesforce, ServiceNow, O365, Dropbox, Box…)
- Web security, application security, or bug security Experience in bounty hunting preferred.
- A knowledge of web automation tools such as Selenium.
- It is an advantage if you have knowledge of cloud security solutions such as Cloud Firewall and Software Web Gateway.
- Experience with CASB, SSPM, CSPM, or generic SaaS applications.
- Experience with O365, Salesforce, or other SaaS APIs is a plus.
- Experience mapping SaaS application setups to compliance standards is a bonus.
- Engineering/Technology degree from a recognized university/college.
For those who think they are competent in just a few of these areas, don’t worry! Individuals with a growth attitude and shown learning aptitude can apply.
Be who you are at work
It is our goal to be the catalyst for change that inspires us to take action in the workplace. Work should be a place where your true self can be fully expressed. We’re working hard on making that happen for you.
If you are interested in this opportunity, send an email to firstname.lastname@example.org.