** and those authorized to work in the U.S. can be considered as W2 candidates.**
Title: SaaS and Cloud Security Assessment Engineer
Location: Local preferred (Cupertino, CA)
Tenure: 6 months with possibility of extension
Our Client is seeking a Software-as-a-Service (SaaS) and Cloud Security Assessment Engineer within the Supplier Trust Program.
We are looking for an experienced security professional who is passionate and knowledgeable about SaaS and Cloud security. The candidate can bring new ideas and strategy to a newly established program and is a forward, "outside the box" thinker. This position will be responsible for conducting security assessments on 3rd Party SaaS products and Cloud-based services, as well as ensuring secure implementation of these products and services. There is also overlap for infrastructure level Cloud Security Assessments.
This is not a "check-the-box" or compliance-focused role. It requires a broad mix of technical expertise and business acumen, coupled with polished communication, to ensure our client is adopting and implementing SaaS and Cloud-based services which meet our unique security requirements and standards.
Remote: Pacific Time Zone
• Work with internal and external stakeholders to independently perform security assessments on third-party SaaS applications with potential for Cloud-level security assessments.
• Conduct security architecture review of Third-Party SaaS applications built on cloud and emerging technologies.
• Provide clear and detailed risk assessment and remediation guidelines for Third-Party Suppliers and its business owners.
• Report underlying security issues and propose enhanced security protections and/or counter-measures.
• Develop and innovate our Supplier Security Strategy to ensure the client works with the most mature and secure Suppliers available.
• Consult on future program enhancements including automation, assessment tooling, penetration testing, and security standards and controls.
• Provide guidance to prospective Suppliers on client security requirements including remediation and potential feature enhancements.
• Support security design and implementation review of onboarded SaaS Applications and web-services.
• 3+ years of work experience with Web Application/SaaS Security and Public Cloud (i.e., AWS, Google Cloud Platform, Azure) Security.
• 3+ years of experience evaluating system architectural designs, data flows, and technical security implementations, especially for SaaS Applications and Systems hosted on cloud platforms.
• 5+ years of work experience conducting information security consulting engagements.
• In-depth knowledge of the security assessment processes and lifecycle with the ability to identify potential improvement areas and gaps in existing processes.
• In-depth knowledge of identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
• Threat Modeling and Design Reviews.
• Strong knowledge of Application Security, Network Security, Crypto, and Identity Management.
• In-depth knowledge of Application and Cloud Security industry standards, trends, threats, vulnerabilities, and technology frameworks.
• Excellent written and oral communication skills, including experience communicating to both technical and nontechnical audiences.
Helpful Qualifications:
• Hands-on experience with Penetration Testing Web applications, SaaS products, and/or Cloud environments.
• Contributions to the security community such as research, published CVEs, bug-bounty recognitions, open-source projects, blogs or publications.
• Industry Certifications such as GWAPT, GPEN, GCPN, OSWE.
• Independently perform risk-based security assessment of our client and their Third-Party SaaS providers.