SaaS Security Engineer

Job Description

Job Description

SaaS Security Engineer
Location: Hybrid out of Springfield, MA or Boston, MA OR New York City

Hybrid (3 days onsite per week)

We are seeking a SaaS Security Engineer to support and strengthen the security of a modern SaaS‑based environment. This role is hands‑on and execution‑focused, responsible for assessing, implementing, and monitoring security controls across business‑critical SaaS platforms. You will partner closely with IT, compliance, DevOps, and application teams to ensure secure configurations, strong identity controls, and continuous visibility into SaaS‑related risk.

This is a practical role for someone who enjoys owning SaaS security end‑to‑end—from configuration and monitoring to incident response and advisory support.

Key Responsibilities

• Assess and secure SaaS applications in alignment with industry best practices and benchmarks (e.g., CIS, NIST).
• Implement and maintain secure configurations across SaaS platforms such as Microsoft 365, Salesforce, Workday, ServiceNow, and similar tools.
• Integrate SaaS applications with centralized identity systems, including SSO and MFA (e.g., Okta, Azure AD).
• Monitor SaaS configurations, access patterns, and activity using SSPM and related tooling.
• Support vendor security assessments and due‑diligence reviews for new and existing SaaS services.
• Implement controls for access, data sharing, and third‑party integrations.
• Respond to SaaS‑related security incidents and perform root cause analysis.
• Partner with DevOps and application teams to embed SaaS security into deployment and change processes.
• Support audit and compliance efforts by ensuring platforms meet required security standards.
• Provide guidance and documentation to promote secure SaaS usage across teams.

Required Skills & Experience

• Hands‑on experience securing SaaS platforms such as Microsoft 365, Google Workspace, Salesforce, or ServiceNow.
• Strong understanding of identity and access management concepts, including SSO, MFA, and role‑based access.
• Working knowledge of OAuth, SAML, SCIM, and API security.
• Familiarity with SaaS security technologies such as DLP, CASB, and SSPM solutions.
• Experience enabling and reviewing SaaS audit logs and conducting log analysis.
• Ability to create and maintain security runbooks, standards, and hardening checklists.

Preferred Experience

• Scripting or automation experience (e.g., Python or PowerShell).
• Familiarity with MITRE ATT&CK techniques relevant to SaaS environments.
• Exposure to Zero Trust and SASE models.
• Experience working within security frameworks and compliance programs (e.g., SOC 2, ISO 27001).

Certifications (Relevant, Not Mandatory)

Highly Preferred:

• CompTIA Security+
• Microsoft Security, Compliance, and Identity certifications
• Okta Certified Professional or Administrator

Nice to Have:

• GIAC Cloud Security Automation (GCSA)
• CCSP (Certified Cloud Security Professional)
• CISSP