Senior Security Engineer, Enterprise SaaS

The Role As a Senior Security Engineer, Enterprise SaaS, you'll serve as Ro's hands-on technical lead and builder for SaaS security posture management (SSPM) and data loss prevention (DLP). You'll define the standards, automation, and monitoring that keep our SaaS platforms secure, compliant, and reliable as the business scales. This role blends architecture with execution: you'll engineer hands-on solutions and automated workflows while guiding how Ro integrates, governs, and secures numerous SaaS services across the enterprise. You'll partner across Security Operations, IT, GRC, and Product Security to shape a unified SaaS security strategy that keeps our people productive and patient data protected.

What You'll Do

• Own the architecture, implementation, and continuous improvement of Ro's SSPM and DLP platforms driving security maturity across our robust SaaS landscape.
• Define and evolve SaaS security standards, access models, and configuration baselines that balance control with business agility.
• Engineer the SaaS lifecycle: Build scalable SaaS lifecycle automations, ranging from posture monitoring and alerting to end-to-end remediation workflows using Tines or similar orchestration platforms.
• Partner across teams to embed SaaS security into identity management, onboarding/offboarding, and vendor risk processes.
• Collaborate with Security Operations to investigate SaaS-related alerts, ensuring rapid, documented, and systemic remediation.
• Lead the integration of SaaS controls into SIEM and SOAR systems (e.g., Splunk, Tines), ensuring actionable telemetry and streamlined response.
• Contribute to compliance alignment, ensuring SSPM and DLP controls satisfy HIPAA,HITRUST and SOC 2 requirements.
• Mentor peers and share expertise across Security and IT teams, elevating overall SaaS security awareness and discipline.

What You'll Bring

• 5+ years of experience in Security Engineering or Cloud Security roles, with expertise in SaaS ecosystems, automation, and data protection.
• Proven success implementing and managing SSPM and DLP technologies such as AppOmni, Obsidian, BetterCloud, Nightfall, Netskope, etc.
• A sharp analytical mindset with the ability to ask the right questions to uncover hidden risks, coupled with the judgment to rationalize complex SaaS features against security policies and risk tolerance.
• Demonstrated experience integrating SaaS controls into SIEM/SOAR systems and automating detection, response, and reporting.
• Working knowledge of data classification, privacy, and governance frameworks relevant to healthcare or regulated industries.
• Excellent communication and collaboration skills - able to influence both technical and executive stakeholders.
• A builder's mindset - practical, automation-oriented, and focused on delivering scalable, measurable outcomes.
• Bonus: direct experience supporting HIPAA, HITRUST or SOC 2 compliance, or prior work securing cloud-first healthcare or fintech environments.

We've Got You Covered

• Full medical, dental, and vision insurance + OneMedical membership
• Healthcare and Dependent Care FSA
• 401(k) with company match
• Flexible PTO
• Wellbeing + Learning & Growth reimbursements
• Paid parental leave + Fertility benefits
• Pet insurance
• Student loan refinancing
• Virtual resources for mindfulness, counseling, and fitness

The target base salary for this position ranges from $153,400 to $186,000, in addition to a competitive equity and benefits package (as applicable). When determining compensation, we analyze and carefully consider several factors, including location, job-related knowledge, skills and experience. These considerations may cause your compensation to vary. Ro recognizes the power of in-person collaboration, while supporting the flexibility to work anywhere in the United States. For our Ro'ers in the tri-state (NY) area, you will join us at HQ on Tuesdays and Thursdays. For those outside of the tri-state area, you will be able to join in-person collaborations throughout the year (i.e., during team on-sites).