Job Description
Position Title: SaaS Security Data Analyst
Position Description: Protingent Staffing has an exciting, fully remote contract opportunity for a SaaS Security Data Analyst with our client.
Project Description: The use of SaaS applications is central to our operating environment and monitoring these for secure configurations is every bit as important as the more traditional monitoring of workload telemetry and network data. The team is looking for a Python developer to work in partnership with our security team to add custom connections to our SaaS security platform, Obsidian Security. The primary role involves pulling data directly from SaaS platforms’ APIs. Experience with integrating into SaaS platforms like Salesforce, ServiceNow, etc., is desirable but not necessary. This role plays an integral part in ensuring that the SaaS environments we use are properly secured and the data protected from loss or theft.
Job Responsibilities:
- Develop custom connections to SaaS platforms using Python
- Work with REST APIs, GraphQL, and OAuth authentication
- Collaborate with the security team to understand requirements and implement solutions
- Ensure code quality and maintainability through continuous integration and deployment practices.
- Gather data from our SaaS applications via API
- Work with security architecture to determine the proper operating protocols for SaaS applications
- Analyze the data available to monitor for the proper implementation of security controls in the SaaS applications
- Leverage all the above to meet expected standards and protect company data resident in SaaS applications.
- Specific deliverables:
- Objective - to enhance the security posture of Pure SaaS applications by implementing robust data gathering, analysis, and monitoring processes. This tech spec outlines the responsibilities and technical expectations for the SaaS Security Data Analyst role.
- API Integration and Data Gathering:
- Use the Obsidian SDK to interface with SaaS APIs for data extraction.
- Ensure the API connections are secure, efficient, and robust.
- Implement automated data collection processes from various SaaS platforms.
- Deliverable: Data is extracted regularly from the target SaaS systems and stored in Pure’s system of record (i.e. Obsidian Security).
- Data Analysis and Compliance Requirements:
- Analyze the gathered data to identify security vulnerabilities due to misconfiguration.
- Work closely with the security architecture team to define secure operating parameters for various SaaS applications.
- Use the data to gather information about integrations with other systems.
- Where frameworks such as a CIS benchmark exist, use the data to identify compliance issues with the expected operating profile.
- Deliverable: A documented mapping of configuration data from SaaS systems to configuration state and security requirements, with parameters for passing and failing clearly defined.
- Visualization and Reporting:
- Utilize statistical methods and machine learning techniques where applicable to enhance analysis accuracy.
- Ensure that the implemented protocols are aligned with industry best practices and compliance requirements.
- Using the data from the platforms, create notifications for system owners when there is a gap in compliance.
- Deliverable: Dashboards and reports that provide actionable insights into the security posture of SaaS applications.
- Monitoring and Alerts:
- Where possible, leverage the Obsidian Security platform to monitor adherence to security policies within SaaS environments.
- Work with the SaaS Security Analyst and system owners to set up alerting mechanisms to notify relevant stakeholders of any detected anomalies or breaches in real time.
- Integrate these processes with existing ticketing workflows via Jira and ServiceNow
Job Qualifications:
- A BS degree is desired, as candidates will need to be good at programmatic data analysis.
Must Have:
- Proficient in Python – preferred 5 years of experience but willing to consider 3+ if candidate is a rockstar and performs well during interview.
- Experience with API development and integration
- Solid understanding of cybersecurity principles and best practices
- Understanding of GraphQL
- Experience with OAuth authentication
- Familiarity with continuous integration and deployment (CI/CD) processes
- Knowledge of hosting and deployment strategies, including Kubernetes, Docker, etc.
Nice To Have:
- Experience with SaaS platforms such as Salesforce, ServiceNow, GitHub, and Docusign
- Working knowledge of security practices and understanding of threat actors
- Ability to identify valuable security insights within a SaaS platform.
Job Details:
- Contract: 5 months (with possible extension)
- Pay Rate: $70 - $76 / hr
- Location: Fully Remote.
Benefits Package: Protingent offers competitive salaries, insurance plan options (HDHP plan or POS plan), education/certification reimbursement, pre-tax commuter benefits, Paid Time Off (PTO), and an administered 401k plan.
About Protingent: Protingent is a niche provider of top Engineering and IT talent to Software, Electronics, Medical Device, Telecom, and Aerospace companies nationwide. Protingent exists to make a positive impact and contribution to the lives of others as well as our community by providing relevant, rewarding, and exciting work opportunities for our candidates.