Principal Consultant - SaaS Security Assessments

November 20

Apply Now
Logo of CrowdStrike

CrowdStrike

Next-Generation Endpoint Protection • Endpoint Detection and Response • Next Generation Anti-Virus • Managed Threat Hunting • Incident Response

Description

• Lead engagements and perform analysis on technical assessments looking for evidence of compromise and/or security misconfigurations in SaaS platforms including. • Produce high-quality written and verbal reports, presentations, recommendations, and findings to key stakeholders including customer management, regulators, and legal counsel. • Demonstrate industry thought leadership through blog posts, CrowdCasts, and other public speaking events.

Requirements

• Knowledge of identity protocols, such as OAuth, SAML, and OpenID Connect for user access to SaaS applications. • An understanding of cloud identity, including RBAC, ABAC, SSO, MFA, and SaaS integration with cloud-based Identity Providers (IdPs). • A practical understanding of one or more of the following IdP platforms: Entra ID, Okta, Cloud Identity (Google Workspace), or Ping Identity. • An understanding of logging, monitoring, and alerting to detect unauthorized access to SaaS applications. • Hands-on experience reviewing SaaS or other platform security configurations including both using existing assessment tools and possibly scripting your own. • Strong ability to communicate executive and/or detailed level findings to clients; ability to effectively communicate tasks, guidance, and methodology with internal teams. • Familiarity with SaaS operations in an enterprise environment is beneficial but not essential. • Knowledge of API authentication and authorization, including token-based security and OAuth. • Knowledge of SaaS architecture design principles, including data segmentation, multi-tenancy, and isolation. • Familiarity with one or more of SaaS security platforms. • Familiarity with modern cloud workloads - DevOps, CICD pipelines, containers, and related security defenses and pitfalls. • Knowledge in AWS, Azure, M365, or GCP incident response methodologies. • Strong understanding of targeted attacks and able to create customized tactical and strategic remediation plans for compromised organizations related to major cloud platforms.

Benefits

• Remote-first culture • Market leader in compensation and equity awards • Competitive vacation and flexible working arrangements • Comprehensive and inclusive health benefits • Physical and mental wellness programs • Paid parental leave, including adoption • A variety of professional development and mentorship opportunities • Offices with stocked kitchens when you need to fuel innovation and collaboration

Apply Now

Similar Jobs

November 20

Join HubSpot as a Staff Security Engineer specializing in Splunk to enhance security monitoring.

November 19

As an embedded Security Engineer at OutSystems, enhance security in product development. Collaborate with Engineering teams to implement security solutions and drive compliance initiatives.

November 16

Manage Identity Access Management initiatives for ForgeRock Identity Cloud at LPL Financial. Focus on security architecture supporting advisors in a fast-paced environment.

November 15

Directs security and compliance efforts at Newfront, modernizing the insurance experience through technology.

Built by Lior Neu-ner. I'd love to hear your feedback — Get in touch via DM or lior@remoterocketship.com