Senior Security Engineer

Your opportunity

We are seeking a SaaS Senior Security Engineer to join a dynamic and growing team dedicated to vendor security and quality. You will bring a wealth of experience in third-party risk management, vendor evaluations, and SaaS integrations to assess and manage risks while driving the security lifecycle of vendor requests.

What you'll do

Manage security assessments for various vendor types, including Professional Services, SaaS, SaaS+Professional, and On-Premises.
Communicate security requirements and risk profiles across the organization, educating stakeholders on securely integrating third-party vendors.
Collaborate with security leaders, engineers, and cross-functional teams to safeguard company assets and ensure regulatory compliance and protect New Relic employees and customers from security and privacy threats.
Support and manage projects and tasks part of the third-party risk and security assessment lifecycle.
Attention to detail, the ability to handle changing priorities, and a passion for process automation and education are critical for success in this role.

Key Responsibilities

Vendor Security Assessments:

• Support the lifecycle of third-party tooling within the enterprise across all business units, including initial security review, ongoing annual reviews and ad-hoc reviews due to use case changes.
• Security reviews include vendors with access to data and systems supporting  New Relic Product.
• Review vendor-provided security artifacts for alignment with strong security practices and regulatory compliance (ISO 27001, SOC 2, PCI-DSS etc..)
• Assess AI-driven tools and SaaS platforms, identifying security risks and implementing secure recommendations.
• Keep abreast of the latest cybersecurity trends, emerging threats and evolving standards in third- party risk management, ensuring that New Relics security practices remain ahead of the curve.

Ongoing Monitoring and Risk Remediation:

• Continuously monitor vendor risks, maintain risk profiles, and develop remediation plans for identified issues.
• Automate vendor inventory tracking and streamline workflows for managing approved and unapproved tools.

Process Development and Integration:

• Manage risk assessment frameworks tailored to vendor types and business needs.
• Execute auditing processes, including SSO implementation reviews and SaaS access controls.
• Drive technical solutions to manage vendor inventory and improve operational efficiency.

Metrics and Reporting:

• Define KPIs and develop dashboards to track vendor risk management performance.
• Communicate risk insights, metrics, and remediation progress to leadership.

Collaboration and Education:

• Collaborate with cross-functional teams for vendor security events, complete client questionnaires, and assist with customer security escalations.
• Work with cross-functional teams to align technical risks with business goals.
• Educate internal teams on securely adopting and managing external vendors.
• Support the Enterprise business with project and reporting generated by Third-party management tools.
• Stay informed on cybersecurity trends, compliance requirements, and best practices.

This role requires

• Minimum 5 years of experience in third-party risk management, vendor security assessments.
• Proven expertise in evaluating diverse vendor types and implementing risk mitigation strategies.
• Understanding of data privacy principles and third-party handling of various classes of enterprise and customer data.
• Experience assessing vendors using LLM or AI capabilities.
• Ability to learn about new tools and technology, their security configurations, and identify areas of risk.
• Strong knowledge of SaaS security, SSO configurations, and AI tool evaluations.
• Demonstrated success in process automation, workflow optimization, and scaling security operations.
• Exceptional communication skills and the ability to present metrics to senior leadership.
  

Bonus points if you have

• Experience with Salesforce, GRC tools, and SaaS inventory management.
• Familiarity with security frameworks like ISO 27001, SOC 2, and NIST.
• Understanding of policy development and risk management for technical integrations.
  

Fostering a diverse, welcoming and inclusive environment is important to us. We work hard to make everyone feel comfortable bringing their best, most authentic selves to work every day. We celebrate our talented Relics’ different backgrounds and abilities, and recognize the different paths they took to reach us – including nontraditional ones. Their experiences and perspectives inspire us to make our products and company the best they can be. We’re looking for people who feel connected to our mission and values, not just candidates who check off all the boxes. 

If you require a reasonable accommodation to complete any part of the application or recruiting process, please reach out to resume@newrelic.com.

We believe in empowering all Relics to achieve professional and business success through a flexible workforce model. This model allows us to work in a variety of workplaces that best support our success, including fully office-based, fully remote, or hybrid.

Our hiring process

In compliance with applicable law, all persons hired will be required to verify identity and eligibility to work and to complete employment eligibility verification. Note: Our stewardship of the data of thousands of customers’ means that a criminal background check is required to join New Relic.

We will consider qualified applicants with arrest and conviction records based on individual circumstances and in accordance with applicable law including, but not limited to, the San Francisco Fair Chance Ordinance.

Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. New Relic does not accept unsolicited headhunter and agency resumes, and will not pay fees to any third-party agency or company that does not have a signed agreement with New Relic.

Candidates are evaluated based on qualifications, regardless of race, religion, ethnicity, national origin, sex, sexual orientation, gender expression or identity, age, disability, neurodiversity, veteran or marital status, political viewpoint, or other legally protected characteristics. 

Review our Applicant Privacy Notice at https://newrelic.com/termsandconditions/applicant-privacy-policy