Senior SaaS Security Engineer

Headspace and Ginger have recently merged to become Headspace Health! While roles are still being recruited separately on our respective websites, new hires from this point forward will be joining Headspace Health. For more information, please speak with your recruiter! 

About the Senior SaaS Security Engineer at Headspace Health:

The Senior SaaS Security Engineer will be a key member of the technical team responsible for assessing and securing the SaaS services used by our global organization. You will improve the review processes for SaaS products and infrastructure to enumerate relevant security concerns. You will design solutions and work hands-on to implement tooling/configurations that mitigate associated risk as applicable. You will regularly work with both technical and non-technical teams across the organization to identify the needs of stakeholders. You use your industry experience to own and drive the resolution of complex security incidents, policy questions and technical security issues. 

Beyond the methodologies and tools, it is important for you to drive a culture of security and develop an attacker's mind-set. You will work with a diverse team of talented leaders and contributors who all are working collaboratively to realize our vision of improving the health and happiness of the world.

How your skills and passion will come to life at Headspace Health:

• Interact with technology teams, stakeholders, and SaaS providers to ensure appropriate security capabilities and controls are implemented.
• Provide oversight and reviews of SaaS solutions via repeatable processes to ensure security best practices are configured and enforced (IAM, Config Hardening, Key Rotations, etc.).
• Implement processes, detection mechanisms and/or guardrails to detect and resolve insecure SaaS configurations.
• Implement required configurations and additional security tooling to appropriately mitigate risk.
• Create and maintain documentation for related security standards and processes.
• Act as a key member for incident investigation activities.
• Continuously research, design, advocate and recommend new security technologies, architectures, and products that will ensure compliance requirements are met and risk is appropriately mitigated. 
• Develop the ability to effectively navigate a highly complex environment to independently retrieve technical evidence for gaining assurance over effectiveness of controls.

What you’ve accomplished:

• 5+ years of work experience in SaaS security, security architecture and/or cloud security.
• Experience evaluating system design, with knowledge of security assessment processes and design reviews. 
• Experience with SSPM (SaaS Security Posture Management), configuration management, logging and monitoring, and IAM.
• Knowledge of least privilege, Single Sign-On, zero trust network principles, secure access service edge, data loss prevention, CASB or similar technologies.
• Experience with Python, TypeScript, etc.
• Strong written and verbal communication skills. Ability to influence and collaborate at every level.
• Ability to efficiently handle ambiguity and appropriately prioritize competing projects.
• Ability to work autonomously on multiple projects with a geographically distributed team.
• Familiarity with one or more industry security compliance frameworks and/or regulations such as ISO 27001/2, PCI-DSS, HIPAA, FedRAMP, CIS, HITRUST, SOC 2, NIST 800-53, etc. are a plus
• Certifications from organizations such as ISC2, GIAC, etc. are a plus

How to get started:
If you’re excited by the idea of seeing yourself in this role at Headspace Health, please apply with your resume and a cover letter that best expresses your interest and unique qualifications.

How we feel about Diversity & Inclusion:

Headspace Health is committed to bringing together humans from different backgrounds and perspectives, providing employees with a safe and welcoming work environment free of discrimination and harassment. We strive to create a diverse & inclusive environment where everyone can thrive, feel a sense of belonging, and do impactful work together. 

As an equal opportunity employer, we prohibit any unlawful discrimination against a job applicant on the basis of their race, color, religion, gender, gender identity, gender expression, sexual orientation, national origin, family or parental status, disability*, age, veteran status, or any other status protected by the laws or regulations in the locations where we operate. We respect the laws enforced by the EEOC and are dedicated to going above and beyond in fostering diversity across our workplace. 

*Applicants with disabilities may be entitled to reasonable accommodation under the terms of the Americans with Disabilities Act and certain state or local laws. A reasonable accommodation is a change in the way things are normally done which will ensure an equal employment opportunity without imposing undue hardship on Headspace Health. Please inform our Talent team if you need any assistance completing any forms or to otherwise participate in the application process.

Headspace Health participates in the E-Verify Program.

Headspace Health is committed to protecting the privacy and security of your personal data. Please view our privacy notice here.