Key skills
AIGenAIAgenticOAuthSAMLSSOSaaSRisk ManagementCommunicationCloud Security
About this role
Nscale is a GPU cloud engineered for AI, providing infrastructure for AI start-ups and large enterprises. They are seeking a Senior Staff Engineer to manage application-layer security risk across their enterprise estate and develop scalable security patterns to enhance security without hindering developer experience.
Responsibilities:
- Lead security reviews for high-risk SaaS applications, internal apps, external-facing services, AI tools, and business-critical workflows
- Assess application architecture, authentication methods, admin roles, and data handling to identify security gaps and remediation paths
- Provide secure-by-design guidance for internal enterprise apps and automations
- Guide application owners and engineering stakeholders through practical remediation approaches
- Build governance patterns covering app discovery, owner assignment, business criticality, approved use, data classification, and offboarding
- Define secure application onboarding and exception workflows that are fast, risk-based, and evidence-producing
- Establish review processes that include approval, security review, identity controls, and supporting evidence
- Drive app-owner accountability through clear ownership models and remediation plans
- Own risk management for OAuth, OIDC, SAML, API tokens, app registrations, consent flows, and third-party integrations
- Expand SSO and SCIM coverage across priority applications with measurable improvement targets
- Create practical allow, review, block, and exception criteria for OAuth grants and app registrations
- Evaluate authentication and provisioning coverage across the enterprise application estate
- Develop workflows for browser extension, AI app, API integration, and shadow SaaS risk management
- Identify high-risk SaaS and enterprise applications and prioritize remediation paths
- Deliver external attack surface quick wins through ownership mapping, remediation routing, and repeatable validation
- Partner with Security Data to define detections and reporting for SaaS, OAuth, and AI-app activity
- Create patterns, templates, checklists, office hours, and self-service evidence for developers and application owners
- Collaborate with Identity, Security Data, Vulnerability Management, IT, Legal, Procurement, and Compliance on enterprise app security controls
- Support scalable operating models that balance secure controls with user experience and business velocity
- Build an enterprise app inventory baseline including owner, criticality, data type, auth method, SSO, SCIM, admin roles, AI usage, and evidence status
Requirements:
- 8+ years in application security, product security, SaaS security, enterprise security engineering, cloud security, or related roles
- Strong understanding of web and API security, including OAuth, OIDC, SAML, SCIM, RBAC, secrets, and tokens
- Experience reviewing application architecture, identifying vulnerabilities, and guiding remediation with engineering or application owners
- Experience with SaaS governance, SSPM, CASB, app discovery, external attack surface management, or enterprise app onboarding
- Ability to build automation or tooling in one or more modern scripting or general-purpose languages
- Strong communication skills across engineers, application owners, procurement, legal, IT, and executive stakeholders
- Practical judgment in balancing security controls, user experience, and business velocity
- Experience with GenAI app governance, AI security review, API-based integrations, agentic workflows, or AI data leakage controls is valuable
- Familiarity with bug bounty, offensive security, secure code review, SAST, DAST, SCA, or security framework development is beneficial
- Experience producing audit-ready evidence for app controls and SaaS posture in high-growth or trust-sensitive environments is a plus