Director, Attack Surface Management

Prudential Financial, Newark, NJ

About The Position

Are you interested in building capabilities that enable the organization with innovation, speed, agility, scalability, and efficiency? The Global Technology team takes great pride in our culture where digital transformation is built into our DNA! When you join our organization at Prudential, you’ll unlock an exciting and impactful career – all while growing your skills and advancing your profession at one of the world’s leading financial services institutions.

As Director of SaaS Security Posture Management, you will partner with other security professionals across the Information Security Office, the Global Technology Office and Prudential business areas to drive our SaaS Security efforts across the global enterprise. You will establish the strategy to build, scale, and automate the SaaS Security program with a focus on onboarding new applications, automating compliance reporting, hardening the SaaS environments and operationalizing the function to support ~150 applications. You will lead and oversee the security and compliance posture of our SaaS platforms and partner with multiple technology partners to enhance baseline capabilities, establish preventive controls, identify and mitigate potential security risks, and maintain a secure SaaS environment.

Requirements

  • 5-10 years of experience in cybersecurity with at least 3-5 years focused on SaaS or cloud security.
  • Proven experience building and managing enterprise-level SaaS security programs.
  • Deep understanding of SaaS architectures, security controls, and compliance requirements (e.g., SOC 2, ISO 27001, GDPR).
  • Strong leadership and communication skills, with experience managing cross-functional teams.
  • Hands-on experience with automation, security tooling, and integration with CI/CD pipelines.
  • Ability to effectively prioritize and execute in a fast-paced environment.
  • Ability to coach others with some guidance and effectively leverage diverse ideas, experiences, thoughts, and perspectives to the benefit of the organization.
  • Experience with standard frameworks, such as OWASP, MITRE ATT&CK, and NIST.
  • In-depth knowledge of threat intelligence frameworks & methodology that will help aid the response process.
  • Experience with vulnerability management lifecycle best practices and tools used for SaaS and cloud monitoring (Wiz, AppOmni, Cloud Native – AWS, Azure).
  • Experience with standard frameworks, such as MITRE ATT&CK, CIS and NIST.
  • Proven experience in SaaS security, vulnerability management, or related roles.
  • Proven experience leading security initiatives in SaaS environments.

Responsibilities

  • Develop and own the overall SaaS security posture management strategy, aligning with organizational goals and risk appetite.
  • Build and lead a team responsible for the security of all enterprise SaaS applications.
  • Direct and lead the SaaS vulnerability and compliance security strategy, including the design and implementation of attack surface reduction and security configurations across all SaaS Platforms.
  • Design and implement scalable processes for onboarding new SaaS applications, including risk assessments, security reviews, and integration with identity and access management systems.
  • Drive automation initiatives to streamline compliance reporting, monitoring, and remediation activities.
  • Establish and maintain standards and best practices for SaaS environment hardening, including configuration management and continuous posture assessment.
  • Collaborate with application owners, IT, compliance, and legal teams to ensure security requirements are met throughout the SaaS lifecycle.
  • Operationalize the SaaS security program to support and secure a portfolio of ~150 applications, ensuring effective incident response and vulnerability management.
  • Track and report on key metrics, program effectiveness, and risk reduction to executive leadership.
  • Stay current with industry trends, emerging threats, and regulatory changes impacting SaaS security.

Benefits

  • Market competitive base salaries, with a yearly bonus potential at every level.
  • Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leaves of absence, such as parental and military leave.
  • 401(k) plan with company match (up to 4%).
  • Company-funded pension plan.
  • Wellness Programs including up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs.
  • Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development.
  • Education Benefit to help finance traditional college enrollment toward obtaining an approved degree and many accredited certificate programs.
  • Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service.