Principal Security Engineer - SaaS Security Posture Mgt

Description

Principal Security Engineer, SaaS Security Posture Management, SSPM Platform Lead

Location: Hybrid - 4 days onsite, 1 remote in one of the following hubs: | Pittsburgh, PA | Cleveland, OH

Summary

Lead the strategy, rollout, and ongoing management of the enterprise SSPM program. Own the platform end to end, drive SaaS onboarding and security posture improvements, and partner across cybersecurity, risk, IT, and business teams to reduce data exposure and strengthen controls across a growing SaaS environment.

Key Responsibilities

• Own SSPM platform management across planning, onboarding, configuration, and operations for enterprise SaaS applications
• Develop and execute SSPM roadmap aligned to risk, business criticality, and regulatory requirements
• Configure and continuously tune SSPM controls to monitor SaaS security posture and align with policy and best practices
• Conduct threat modeling and risk assessments for SaaS integrations and APIs
• Integrate SSPM with SIEM, SOAR, ITSM, and identity platforms to enable automation, alerting, and reporting
• Partner with Cyber Operations to define detection rules, alert thresholds, and escalation processes
• Establish SaaS governance processes including onboarding, configuration baselines, access reviews, and third party risk
• Track and report SSPM metrics such as posture scores, remediation timelines, and coverage to leadership
• Drive remediation of misconfigurations, excessive access, and data exposure with application owners
• Support compliance by mapping SSPM findings to frameworks such as NIST, CIS, SOC 2, PCI DSS, ISO 27001
• Maintain awareness of emerging SaaS threats and continuously enhance SSPM capabilities
• Contribute to SaaS security policies, standards, and training programs

Required Qualifications

• Bachelor's degree or equivalent experience in Computer Science, Information Security, or related field
• 7+ years experience in cybersecurity engineering or related discipline
• 2+ years hands on experience with SSPM tools
• Deep knowledge of SaaS security models including APIs, OAuth, OIDC, federation, and SaaS integrations
• Experience securing enterprise SaaS platforms such as Microsoft 365, Salesforce, ServiceNow, Workday, Google Workspace
• Strong knowledge of SIEM, SOAR, ITSM, and security workflow orchestration
• Experience with identity and access management including least privilege, privilege escalation, and non human identities
• Understanding of regulatory frameworks including NIST, CIS, SOC 2, PCI DSS, ISO 27001
• Strong communication skills translating technical risk into clear actions
• Proven ability to lead cross functional initiatives and deliver results

Preferred Qualifications

• Certifications such as CISSP, CCSP, CISM, SSCP, or cloud security certifications
• Experience with SaaS security and data protection platforms
• Scripting or automation experience such as Python or PowerShell
• Background in regulated industries such as financial services or healthcare
• Experience building security governance programs and risk frameworks
• Exposure to AI security risks including securing AI agents and preventing data leakage

Core Skills

• Systems implementation and rollout, advanced, leads enterprise platform deployments and SaaS onboarding
• Compliance and controls, intermediate, implements and monitors controls aligned to regulatory standards
• Cybersecurity strategy, intermediate, aligns SSPM operations with enterprise security strategy
• Emerging technologies, advanced, evaluates and deploys new SaaS security and AI security capabilities
• Incident and problem management, intermediate, supports alert triage and remediation coordination
• Capacity optimization, intermediate, manages licensing and platform scale
• Contingency planning, intermediate, supports resiliency and monitoring continuity planning

Core Capabilities

• Building relationships, advanced, partners across cyber, IT, risk, and business teams
• Industry insight, advanced, stays current on SaaS threats and SSPM market trends
• Technologically savvy, advanced, deep SSPM platform expertise and tool integration
• Leading others, intermediate, provides guidance and drives deliverables
• Strategic thinking, advanced, converts risk insights into actionable plans
• Customer centricity, advanced, designs effective onboarding and user experience
• Collaboration, intermediate, works cross functionally to solve security challenges
• Innovation, advanced, drives automation and continuous improvement
• Agility, advanced, adapts to evolving threats and priorities
• Inclusion, advanced, promotes inclusive collaboration across teams
• Performance measurement, advanced, defines KPIs and tracks outcomes
• Motivation, advanced, drives accountability and adoption across stakeholders

Equal Opportunity Employer

We are committed to building a diverse and inclusive workplace. All qualified applicants will receive consideration for employment without regard to legally protected status.

Pay Transparency

The salary range for this position is from $135,000 to $180,000 per year, plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to, the budget, work location, relevant skills, and experience.

We offer competitive pay, comprehensive medical, dental, and vision coverage, retirement benefits, maternity and paternity leave, flexible work arrangements, education reimbursement, wellness programs, and more. Citizens' paid time off policy exceeds the mandatory paid sick or paid time away policies of local and state jurisdictions in the United States. For an overview of our benefits, visit our Careers site - https://jobs.citizensbank.com/benefits.

#LI-Citizens1

Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.

Equal Employment Opportunity

Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.