Senior SaaS Security Engineer

Costar Group
Provides commercial real estate data, analytics, and marketing services.
Senior engineer building and operating enterprise SaaS security program and controls
4 days ago
Expert & Leadership (13+ years), Experienced (8-12 years)
Full Time
Arlington, VA
Office Full-Time
Company Size
4,700 Employees
Service Specialisms
No specialisms available
Sector Specialisms
Commercial Real Estate
Residential
Apartments
Hospitality
Industrial
Retail
Office
Multifamily
Role
What you would be doing
sspm integration
saas inventory
oauth governance
siem integration
policy-as-code
security dashboards
  • Operationalizing SSPM and/or CASB/SSE; integrating IDP signals into SIEM/SOAR; building detections and automations.
  • Codify SaaS security standards and exception management with GRC; embed control checks into procurement/vendor risk and IT change processes.
  • Stand up a single source of truth for SaaS inventory (shadow IT included), integrating procurement, SSO/IDP, network/DNS/forward proxy, CASB/SSE, SSPM, and expense data.
  • Drive business adoption: curated enterprise app catalog, secure patterns, training for Admins and app owners, and migration plans for risky patterns.
  • Implement and operationalize SSPM and extend existing capabilities in CASB/SSE: continuous posture assessment, misconfiguration detection, and auto-remediation pipelines.
  • Engineer governed OAuth/consent patterns across IDP and key platforms (e.g., Salesforce, Microsoft 365/Entra ID, Workday, Atlassian, and others).
  • Integrate SaaS signals (SSPM/CASB, platform event logs like Salesforce Event Monitoring, M365, Okta/Entra) into SIEM/SOAR with detection content for OAuth abuse, anomalous consent, data exfiltration, Admin drift, and risky API usage.
  • Define and enforce SSO/MFA mandates, SCIM provisioning, tenant segmentation, conditional access, DLP for SaaS, and API logging/telemetry standards.
  • Publish dashboards and metrics for leadership (coverage, high-risk apps, misconfig posture, incident MTTR, consent trends).
  • Build the enterprise SaaS Security program: charter, operating model, RACI, roadmap, control framework mapping to ISO 27001, and KPIs.
  • Define SaaS risk tiering and baseline control requirements by data classification and business criticality.
  • Establish secure configuration baselines and policy-as-code (e.g., Terraform/OPA/CLI automations) for major SaaS platforms.
What you bring
oauth2
cissp
salesforce
python
8+ years
nist800-53
  • Enterprise app catalogs, pre-approved scopes, just-in-time reviews, least privilege scopes, refresh token hygiene, IP/session restrictions, device trust signals, token revocation patterns.
  • Evidence of thought leadership (runbooks, talks, open-source/policy-as-code contributions).
  • Align to SOX ITGC, privacy (e.g., GDPR/CCPA), regulatory audits, and customer assurance (SOC 2/ISO) evidence.
  • A track record of commitment to prior employers
  • Certifications: CISSP, CCSP, CCSK, vendor accreditations (e.g., Salesforce Security & Privacy AP, Okta/Entra certs).
  • Hands-on with one or more major SaaS ecosystems at scale: Salesforce (Connected Apps, Shield, Event Monitoring), Microsoft 365/Entra ID, Google Workspace, ServiceNow, Workday, Slack, Atlassian.
  • Incident response experience for SaaS/OAuth/token compromise scenarios.
  • Deep expertise in OAuth 2.0/OIDC, SAML, SCIM, JWT/PKCE, token hygiene/rotation, consent governance, and least-privilege scopes.
  • Familiarity with SOX ITGC and privacy-by-design in SaaS workflows.
  • 8+ years in security with 3+ years specializing in SaaS security across large enterprises (5k+ employees).
  • Scripting/automation (e.g., Python, PowerShell, or Node), and IaC/policy-as-code experience.
  • Prior leadership of a SaaS/OAuth security initiative from zero-to-one in a complex enterprise.
  • Author and exercise SaaS IR playbooks: token theft response, consent rollback, key rotation, scope reduction, app quarantine, containment & comms, forensics & lessons learned.
  • Strong grasp of NIST 800-53/CSF, ISO 27001, CIS Controls v8, CSA CCM, and mapping to SaaS controls.
  • Bachelor’s degree required from an accredited, not-for-profit university or college.
  • Experience with DLP, data classification, eDiscovery/legal hold in SaaS.
Benefits
  • 401(K) retirement plan with matching contributions
  • Life, legal, and supplementary insurance
  • Tuition reimbursement
  • Access to CoStar Group’s Diversity, Equity, & Inclusion Employee Resource Groups
  • Virtual and in person mental health counseling services for individuals and family
  • Commuter and parking benefits
  • Complimentary gourmet coffee, tea, hot chocolate, fresh fruit, and other healthy snacks
  • Comprehensive healthcare coverage: Medical / Vision / Dental / Prescription Drug
  • Paid time off
  • On-site fitness center and/or reimbursed fitness center membership costs (location dependent), with yoga studio, Pelotons, personal training, group exercise classes
  • Employee stock purchase plan
Training + Development
Information not given or found
Interview process
Information not given or found
Visa Sponsorship
  • No visa sponsorship will be provided for this position.
Security clearance
  • Pre-employment substance abuse testing will be performed.
Company
Overview
Founded 1987
Year Established
The year the company was first established.
  • Offers comprehensive data on properties, tenants, leases, and market conditions globally.
  • Known for its pioneering technology and research, delivers powerful insights to commercial real estate professionals.
  • Its flagship platform, CoStar, provides unmatched property data, news, and analytics.
  • Platforms used by real estate professionals, from brokers to investors to property managers.
  • Expanded through strategic acquisitions, including the purchase of LoopNet and Apartments.com.
  • Data-driven insights help clients make informed investment and leasing decisions, shaping the global real estate market.
Culture + Values
  • Customer Focused: We strive to make a positive impact on our customers through innovative solutions.
  • Ownership: We take personal responsibility for delivering results.
  • Integrity: We act with transparency and integrity in everything we do.
  • Innovation: We drive progress through creativity and technology.
  • Collaboration: We believe in the power of diverse teams working together to achieve more.
  • Excellence: We are dedicated to the pursuit of excellence in our products and services.
Environment + Sustainability
2040
Net Zero Commitment
Aims to achieve net zero carbon emissions by this target year.
  • Committed to energy-efficient building designs and energy-saving programs.
  • Uses technological advancements to reduce environmental impact.
  • Annually tracks and reports on carbon footprint and environmental metrics.
Inclusion & Diversity
40% Global Workforce
Women Representation
Approximately 40% of the global workforce consists of women.
  • Committed to creating an inclusive and diverse workplace where all employees can thrive.
  • Has set specific goals to increase the representation of women in leadership roles.
  • Implemented training programs to promote diversity awareness and inclusive leadership.