Principal Security Engineer, SaaS Security Posture Management (SSPM)

at Salesforce

📍 3 Locations Unknown 💰 $197K – $313K USD / year Posted April 05, 2026
Salary $197K – $313K USD / year
Type Full-Time
Experience lead
Exp. Years 12+ years
Education Related technical degree required
Category Cybersecurity

Principal Security Engineer leads Salesforce's Third Party Security program, building secure baselines and performing supplier security assessments to reduce risk in the AI/SaaS ecosystem.

  • Lead the design, deployment, and lifecycle management of secure baselines
  • Conduct high-quality third-party security assessments
  • Define security baselines for emerging tech
  • Ensure least privilege in SaaS platforms
  • Communicate security requirements to suppliers

Focus on SSPM deployment, third-party risk assessments, AI-driven security automation, OWASP testing, security telemetry, and cross-functional collaboration with Legal & Sourcing.

The ideal candidate is a senior security leader with 12+ years in enterprise third-party security, expert in SSPM, OWASP, NIST CSF, and AI-enabled workflows, capable of engaging executives and shaping security strategy.

  • 12+ years in security role
  • Experience with large enterprise third party security programs
  • Experience defining secure baseline configurations
  • Experience deploying enterprise-wide SSPM
  • Experience web app pentests per OWASP
  • Excellent written and oral communication
  • Ability to communicate to executives

ISO 27001, SOC 2, NIST CSF, PCI DSS, CISSP, CISM, CISA, CCSP, CRISC, CISSP/CCSP/CISM as preferred

Snyk, Semgrep, GitHub Actions, DAST, SAST

12+ years in security; SSPM; third-party security program; OWASP; LLMs; AI Agents; security telemetry; least privilege; Shadow IT; executive communication

Large Language Models (LLMs), AI Agents, Secure baseline configurations, SaaS Security Posture Management, Third party security assessments, Penetration testing, OWASP testing methodologies, Least Privilege access, Shadow IT, Security telemetry, Remediation guidance, Contract language, Vendor security reviews, Security governance

Communication, Executive presentation, Interpersonal skills, Collaboration, Influencing, Problem-solving, Strategic thinking, Analytical, Proactive, Execution oriented

Required

CISSP, CCSP, CISM, GIAC, SANS

Preferred

CRISC, CISSP, CCIE, CISA, CISM, CISSP
Industry SaaS
Job Function Lead third-party security initiatives and SSPM program for Salesforce
Role Subtype Pre-Sales Engineer
Tech Domains Amazon Web Services, Google Cloud Platform, Cybersecurity, SQL / PostgreSQL, Java, Python
No experience with large enterprise third party security programs, No SSPM experience, No OWASP/OWASP Top 10 knowledge, No executive communication experience
