Application Security Engineer

To complement our rapid growth, we are actively looking for a talented and experienced Application Hardening Engineer to join our Information Security team.

The Application Hardening Engineer position will work closely with the IT and InfoSec organisations as well as various business units within Five9 that make purchases of SaaS products. The candidate will ensure the security integrity of our purchased SaaS products by auditing their configurations and integrating security considerations into the purchase cycle of SaaS applications. You will play a crucial role in proactively safeguarding our SaaS application and ensuring their compliance with security standards.

Responsibilities:

• SaaS Configuration Auditing: Conduct thorough audits of SaaS application configurations to identify security vulnerabilities, misconfigurations, and compliance gaps.
• Security Integration in Purchase Cycle: Collaborate with procurement and IT teams to integrate security considerations into the purchase cycle of SaaS applications. Review security aspects of potential SaaS solutions before purchase and provide recommendations to mitigate risks.
• Risk Assessment: Assess the security risks associated with SaaS applications, considering factors such as data sensitivity, access controls, and compliance requirements.
• Security Configuration Guidance: Provide guidance and best practices for configuring SaaS applications securely, including user access controls, data encryption, and integration with identity management systems.
• Policy Development: Develop and enforce policies related to SaaS security configurations, ensuring alignment with industry standards and regulatory requirements.
• Vendor Management: Manage relationships with SaaS vendors regarding security-related issues, including conducting security assessments, negotiating security provisions in contracts, and ensuring vendor compliance with security standards.
• Training and Awareness: Develop and deliver training programs to educate internal stakeholders on secure SaaS configuration practices and the importance of security in the SaaS purchase process.
• Continuous Improvement: Stay updated on emerging threats and security best practices related to SaaS environments. Continuously improve auditing processes and integration practices to enhance the security posture of our SaaS offerings.

Requirements:

• 3+ years experience auditing SaaS application configurations.
• Formal education in Computer Sciences/Cybersecurity or related industry certifications (e.g., CISSP, CISM, CCSP, CISA). Bachelor’s degree in Computer Science, Information Security, or a related field is a plus, but not required.
• Proven experience in auditing SaaS application configurations for security vulnerabilities and compliance gaps.
• Familiarity with security frameworks and standards relevant to SaaS environments, such as SOC 2, GDPR, and HIPAA.
• Experience in vendor management and contract review, particularly in relation to security provisions.
• Excellent communication and presentation skills, with the ability to effectively and succinctly convey complex security concepts to non-technical stakeholders.
• Strong analytical and problem-solving abilities, with a meticulous attention to detail.
• Ability to work independently and collaboratively in a fast-paced environment.
• Must learn quickly and adapt to a changing environment and be eager to accept new responsibilities.

• Five9 Shares
• Bonus Scheme
• 10% Flex Benefits
• Meal Allowance
• Medical Insurance
• Life Insurance
• 25 day Annual Leave + Public Holidays