Senior SaaS Security Architect

When you join Verizon

Verizon is a leading provider of technology, communications, information and entertainment products, transforming the way we connect across the globe. We’re a diverse network of people driven by our ambition and united in our shared purpose to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.

What you’ll be doing...

The Verizon Corporate Information Security (CIS) organization securely enables the business by protecting assets and information across Verizon networks, infrastructure and applications. CIS integrates cybersecurity governance, policies, technologies and operations across Verizon, and works to incorporate security into the design of technology systems and services.

As a Senior Software-as-a-Service (SaaS) Security Architect, you will support the Platform Security team in its goals of embracing secure SaaS technologies across multiple business units and functions. You will be a strategic contributor in information security, problem solving and relationship management to lead internal programs aimed at securely deploying SaaS applications to support critical business functions. This Sr SaaS Security Archtect will be responsible for establishing and maintaining security policies, conducting security assessments on 3rd Party SaaS products and Cloud-based services, as well as ensuring secure implementation of these products and services. There is also overlap for infrastructure level Cloud Security Assessments. This is not a “check-the-box“ focused role, this position requires a broad mix of technical expertise and discernment coupled with polished communication to ensure Verizon is adopting and implementing SaaS and Cloud-based services which meet our unique security requirements and standards.

• Work with internal and external partners to independently perform security assessments to deliver security assurance on third-party SaaS applications with potential for Cloud-level security assessments.
• Conduct security architecture review of Third-Party SaaS applications built on cloud and emerging technologies.
• Provide clear and detailed risk assessment and remediation guidelines for Third-Party Suppliers and Verizon business teams.
• Report underlying security issues and propose enhanced security protections and/or mitigation controls.
• Develop and innovate our Supplier Security Strategy to ensure Verizon works with the most mature and secure Suppliers available.
• Build and Maintain Third Party / SaaS security standards and guidelines.
• Research new and emerging threats to ensure Verizon’s assessment methodology is keeping pace with security trends.
• Deliver program enhancements including automation, assessment tooling, and penetration testing.
• Provide guidance to prospective Suppliers on Verizon security requirements including remediation and potential feature enhancements.
• Execute security design and implementation review of onboarded 3rd Party SaaS Applications and web-services throughout the Supplier lifecycle.
• Partner with procurement and legal to enhance Third Party security agreements and contracts.
• Act as a focal point in the implementation & delivery of a formalized SaaS security awareness program.
• Work closely and collaboratively with Information Security Officers (ISOs), IT Portfolios, Verizon Sourcing and Business units to support their needs
• Produce reports, scorecards and related metrics
• Keep stakeholders updated with communications and weekly reporting.
• Drive mitigation of reported risks from continuous monitoring solutions.
• Track and report on the status of SaaS vendor risks to corporate/industry requirements.

What we’re looking for...

You'll need to have:

• Bachelor’s degree or four or more years of work experience.
• Six or more years of relevant work experience.
• Experience with Web Application/SaaS Security and Public Cloud (ie; AWS, GCP, Azure) Security.
• Willingness to travel up to 25%.

Even better if you have one or more of the following:

• Experience evaluating system architectural designs, data flows, technical security implementations, especially for SaaS Applications and Systems hosted on cloud platforms.
• Experience conducting information security consulting engagements.
• Experience engaging with both third-parties and internal customers regarding security.
• In-depth knowledge of the security assessment processes and lifecycle with the ability to identify potential improvement areas and gaps in existing processes.
• In-depth knowledge identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
• Solid understanding of Application Security, Network Security, Crypto, and Identity Management.
• In depth knowledge on Application and Cloud Security industry standards, trends, threats, vulnerabilities, and technology frameworks.
• Ability to clearly communicate technical concepts to all audiences.
• Performance oriented, self-directed ability to drive change & manage multiple projects.
• Experience in Supply Chain risk management.
• Hands-on experience with Penetration Testing Web applications, SaaS products, and/or Cloud environments.
• Contributions to the security community such as research, published CVEs, bug-bounty recognitions, open-source projects, blogs or publications.
• Industry Certifications such as CCSP, Cloud specific certifications, etc.

22CyberNET 22CyberAPP

Equal Employment Opportunity

We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.