Key Responsibilities
- SaaS Security Architecture: Design, implement, and maintain security controls for SaaS applications, ensuring adherence to industry best practices.
- Threat Detection & Incident Response: Monitor for security threats, investigate security incidents, and lead response efforts.
- Vulnerability & Risk Management: Conduct security assessments, penetration testing, and vulnerability management to reduce risk.
- Cloud Security: Secure cloud-based environments (AWS, Azure, GCP) and enforce cloud security best practices.
- Access Control & Identity Management: Design and implement robust access control frameworks (RBAC, ABAC, Zero Trust) to protect sensitive assets.
- Secure Development Practices: Partner with development teams to integrate security into the Software Development Lifecycle (SDLC). Educate development teams in secure coding practices and collaborate to improve application security.
- Compliance & Governance: Ensure adherence to security frameworks and regulatory requirements (PCI, SOC 2, NIST, CIS benchmarks).
- Security Automation & Tooling: Develop and implement automated security solutions for monitoring, compliance, and incident response.
- Security Awareness & Training: Educate internal teams on security best practices and emerging threats.
Qualifications & Experience
- 5-8 years of experience in cybersecurity, with a focus on securing SaaS applications.
- Expertise in access control frameworks, including RBAC, ABAC, and Zero Trust principles.
- Strong experience with software development and secure coding practices in languages such as Python, PHP, JavaScript, .NET, or Ruby.
- Hands-on experience with cloud security tools (CrowdStrike, Cloudflare, Snyk, Burp Suite, etc.).
- Familiarity with security frameworks such as NIST, OWASP, and CIS benchmarks.
- Strong scripting and automation skills (Python, Bash, or PowerShell).
- Industry certifications (e.g., CISSP, CEH, AWS Security Specialty, CCSP, OSCP) are highly desirable.