Senior IT Security Engineer

Description

We are seeking an experienced Senior IT Security Engineer with deep expertise in SaaS Security to join our Security organization. As a cloud-native SaaS company, monday.com’s security strategy is built on identity-centric controls, Zero Trust principles, and scalable automation.

In this role, you will be responsible for designing, implementing, and maturing security controls across our SaaS ecosystem, ensuring the protection of our business applications, workforce, and corporate environment. You will own key security domains with a primary focus on SaaS security, while also contributing to the team’s broader responsibilities across identity and access management, endpoint security, email security, and network access controls.

This is a senior technical role for someone who thrives in modern SaaS-driven environments and excels at building secure, automated, scalable foundations for the business.

About The Role

• Lead and enhance security posture across key SaaS and PaaS assets, including Okta, Google Workspace, Slack, Salesforce, GitHub, monday, and many others
• Evaluate SaaS tools for security risks, misconfigurations, access exposures, and compliance gaps
• Work alongside SecOps to create threat detection for Risky SaaS activities
• Guide Implementation and maintain SSO/SAML, SCIM, RBAC, MFA, and identity lifecycle processes
• Drive SaaS posture improvements using SSPM, CASB, DLP, and internal monitoring.
• Develop and enforce SaaS security baselines and least-privilege access models.
• Partner with the GRC team to establish proper governance and ownership for critical applications and review newly procured SaaS
  
  

• You will also contribute across the team’s core security domains, including managing and improving endpoint security, enforcing device hardening and compliance, strengthening identity and access controls, enhancing email and collaboration security, and maintaining network and firewall protections. In addition, you will support security operations by crafting alerts, collaborating with the SOC, developing automations and detections, conducting access reviews and security audits, and participating in vendor evaluations, risk assessments, and deployment reviews.
  
  

• 6+ years of experience in IT Security or Cybersecurity Engineering
• Strong understanding and experienceExpertise in one or more of the following domains:
• Identity (Okta or Entra ID)
• Data Security (DLP)
• Endpoint security (EDR, MDM, BrowserDLP)
• Email security and phishing defenses
• Firewalls and cloud based network access controls (SASE)
• Hands-on experience with SSO, MFA, RBAC, SCIM, and Zero Trust models
• Experience working with SSPM / CASB platforms
• Demonstrated experience securing SaaS applications in a modern cloud-native environment.
• Ability to identify & prioritise and remediate SaaS misconfigurations and access risks
• You bring a hands-on, technical mindset and a strong sense of ownership to everything you do
• Advantage - Additional technical security skills:
• Automation experience (low-code/agentic platforms)
• Familiarity with securing AI agents, agentic workflows, and emerging SaaS threats
• Excellent analytical, troubleshooting, and cross-team collaboration skills
• Strong understanding of frameworks such as CIS, NIST, ISO 27001, SOC 2
• Prior experience in a high-growth SaaS company
• You communicate clearly in English and work effectively with global teams