SaaS Senior Engineer, Information Security, Architecture and Engineering - Technology Solutions Group

Description & Requirements

WHAT MAKES US A GREAT PLACE TO WORK

We are proud to be consistently recognized as one of the world's best places to work. We are currently the top ranked consulting firm on Glassdoor's Best Places to Work list and have earned the #1 overall spot a record seven times. Extraordinary teams are at the heart of our business strategy, but these don't happen by chance. They require intentional focus on bringing together a broad set of backgrounds, cultures, experiences, perspectives, and skills in a supportive and inclusive work environment.

We hire people with exceptional talent and create an environment in which every individual can thrive professionally and personally.

WHO YOU'LL WORK WITH

You'll join our Technology Solutions Group. This team considers the full spectrum of people, tech, and process to help others at Bain achieve their goals. We aim to understand our partners in the business so well that our proposed architectures, apps, and automations really do improve their work lives. If you're the sort of person who embraces change, who has an entrepreneurial spirit, and who friends and family still call for tech advice, this might be a great team for you.

WHERE YOU'LL FIT WITHIN THE TEAM

The SaaS security engineer will lead and scale our SaaS security program, with primary ownership of our SSPM platform and related initiatives. The role is technical, and candidates must possess a solid understanding of information security, cloud infrastructure, and SaaS application configuration practices. The role also requires an understanding of business goals/strategy and operational requirements in a fast-paced environment, and the ability to communicate clearly and effectively both business risk impacts and the technical actions required to resolve them.

The SaaS security engineer supports the growing third-party ecosystem, working to reduce misconfiguration risk, improve identity hygiene, and strengthen necessary monitoring and governance recommendations across a variety of cloud-based applications. They are an integrated team member working with product owners, application administrators, system engineers, cybersecurity engineers and systems administrators. At times, the SaaS security engineer acts as a liaison with business stakeholders to understand the strategy and execution outlook.

The role is heavily security-focused and ingrained in the third-party application lifecycle to deliver security principles and validation at all times.

WHAT YOU'LL DO

SaaS security engineers have a strong work ethic, perform analytical and critical thinking, and are masterful at meeting change requests on demand. They are expected to work well with business units and possess superior listening and communication skills, in addition to expected technical expertise. SaaS security engineers embody security-first principles, constantly assess the threat landscape and adapt quickly to manage enterprise risk, as well as integration and deployment requirements.

Essential Functions:

* Technical work (40%)

* Own and operate the SaaS Security Posture Management (SSPM) platform

* Onboard new SaaS applications into SSPM and define security baselines

* Design and implement secure configuration standards for enterprise SaaS platforms (M365, Salesforce, Service Now, Slack, etc.)

* Develop and maintain SaaS security configuration benchmarks

* Improve identity and access controls across SaaS applications (RBAC, MFA, SSO enforcement)

* Integrate SSPM findings into SIEM/SOAR platforms

* Develop detection logic for anomalous SaaS behavior

* Build dashboards and reporting to track SaaS posture and risk trends

* Automate security checks and remediation workflows via APIs and scripting

* Enhance SaaS monitoring and logging coverage

* Serve as a point of contact for security-based escalations and remain tightly involved through resolution.

* Assist in third party technical reviews and solution advisement, identifying gaps in existing controls and recommending solutions to vendors

* Partner with Senior Manager and stakeholders to problem solve

* Support team growth and improvement (30%)

* Establish scalable SaaS security review processes for new application onboarding

* Contribute to development of SaaS security standards and governance frameworks

* Improve joiner/mover/leaver access governance processes

* Identify tooling gaps and recommend new security capabilities

* Create documentation and playbooks for SaaS security operations

* Mentor junior security engineers or IT administrators on SaaS security best practices

* Drive continuous improvement initiatives to reduce manual security effort

* Track and report on SaaS security KPIs to inform program maturity

* Vulnerability and Misconfiguration handling (20%)

* Monitor, triage, and remediate SaaS misconfigurations identified by SSPM, automating and documenting to scale to operations

* Identify excessive permissions, risky OAuth grants, and policy drift

* Partner with application owners to drive timely remediation…