Senior SaaS Security Engineer – Customer Trust & Assurance

Concord USA
Multiple Cities/States, MN
Remote

About The Position

We are seeking a highly skilled security professional to join our client’s Customer Trust and Assurance team within a dynamic and growing cybersecurity program. In this role, you will represent the security of a modern SaaS platform by delivering accurate, engineering‑informed responses to security questionnaires, RFIs, and due diligence requests. You will work closely with internal engineers to understand how the platform is architected, validate the security design, and translate complex technical information into clear, customer‑ready explanations. You will develop deep familiarity with the product’s cloud architecture, application security controls, and threat mitigation strategies. You will articulate how the platform is built and secured to both technical and non‑technical audiences, earning trust through clarity, confidence, and technical credibility. Operating at the intersection of product security, cloud security, and customer assurance, you will help transform detailed engineering knowledge into strong customer confidence in the platform's security posture. Success in this role requires fluency in SaaS cloud architecture (tenant isolation, IAM/federation, data protection), hands-on familiarity with security frameworks including HITRUST CSF, and the credibility to represent platform security directly to enterprise security teams without escalation.

Requirements

  • 8–12+ years of hands-on experience in cybersecurity, cloud security, application security, or software engineering, with demonstrable depth in security architecture.
  • Proven experience in customer-facing security assurance: responding to enterprise security questionnaires, RFIs, and due-diligence requests with engineering-grounded answers, not templated responses.
  • Strong working knowledge of SaaS cloud architectures (AWS, Azure, or GCP) from a security design perspective, including tenant isolation models, IAM/federation patterns, secrets management, encryption strategies, network segmentation, and logging/observability.
  • Ability to discuss security design tradeoffs, attack surfaces, and control decisions at an engineering level, both internally and directly with enterprise customers.
  • Practical familiarity with HITRUST CSF as a compliance and technical framework, with the ability to ground requirements in actual implementation detail.
  • Experience conducting or contributing to threat modeling using STRIDE or MITRE ATT&CK on SaaS platform components such as APIs, identity flows, and data pipelines.
  • Hands-on collaboration with engineering teams on system design reviews, security controls implementation, and architecture validation.
  • Familiarity with SOC 2, ISO 27001, PCI-DSS, CSA STAR, and NIST frameworks; ability to connect policy requirements to technical implementation.
  • Experience creating and maintaining architectural diagrams, threat models, and technical security documentation for external audiences.
  • Candidates should expect to be evaluated on foundational security and cloud architecture concepts during the interview process, including the ability to discuss security design decisions at an engineering level.
  • Familiarity with security and compliance frameworks such as HITRUST CSF, SOC 2, ISO 27001, or CSA STAR — with the ability to ground compliance requirements in technical implementation, not just policy.
  • Experience responding to customer security questionnaires, RFIs, and due-diligence requests, with responses anchored in engineering detail rather than templated answers.
  • Experience creating or maintaining architectural diagrams, threat models, and technical security documentation.
  • Exceptional written and verbal communication skills — able to translate engineering-level security decisions into clear, accurate, customer-ready explanations for both technical and non-technical audiences.
  • Confident representing the platform's security posture directly to customers and able to handle follow-up technical questions without escalation.
  • Able to work cross-functionally across engineering, product, and compliance teams in a distributed environment.
  • Must be authorized to work legally in the US without sponsorship, now or in the future.

Nice To Haves

  • CISSP, CCSP, or CISM
  • Cloud security certifications: AWS Security Specialty, Google Professional Cloud Security Engineer, or equivalent
  • HITRUST Certified CSF Practitioner (CCSFP) is a plus

Responsibilities

  • Respond to customer RFIs, security questionnaires, and due‑diligence inquiries related to security, privacy, and compliance.
  • Collaborate closely with internal teams to gather, validate, and align accurate technical responses.
  • Interpret and translate technical security concepts into clear, customer‑ready explanations.
  • Support customer trust initiatives, including audits, certifications, and process improvements.
  • Ensure timely, high‑quality delivery of all responses and maintain excellent communication throughout the customer lifecycle.
  • Develop a deep understanding of the platform’s architecture, including cloud infrastructure, application components, identity flows, and data protection mechanisms.
  • Articulate security design decisions, architectural patterns, and threat mitigation strategies in a way that builds high customer confidence.
  • Partner with engineering teams to ensure externally communicated security details accurately reflect system design and controls.
  • Enhance and maintain technical security documentation, architectural diagrams, and reusable content for customer assurance.
  • Identify opportunities to improve clarity, consistency, and technical depth across customer‑facing security materials.

Benefits

  • Health, Dental, and Vision Insurance: Comprehensive coverage to support your well-being.
  • Employer Contributions to Health Savings Accounts (HSA): Helping you save for medical expenses.
  • Flexible Spending Accounts (FSA): Options for healthcare and dependent care expenses, plus a $200 Lifestyle Spending Account (LSA).
  • Disability Insurance: Short- and long-term coverage, fully paid by the employer.
  • Life and AD&D Insurance: Employer-provided coverage, with options for additional voluntary coverage.
  • Employee Assistance Program (EAP): Access to personal and professional support resources.
  • Career Growth Opportunities: Pathways for advancement and skill development.
  • Team Engagement Activities: Regular team-building events and company-sponsored activities to foster collaboration and connection.