Job Description Insight Global seeking a highly experienced CloudAppSec – Senior Security Engineer / Lead to own and drive SaaS and cloud application security across a complex insurance and financial enterprise of one of their top clients. This role will lead a Continuous Threat Exposure Management (CTEM) program, enforce Zero Trust principles for application access, and harden data paths end-to-end. You will be the primary or secondary owner of platforms including Obsidian (SSPM), Zscaler (ZIA/ZPA/DLP/Risk360/Browser Isolation), and CrowdStrike NG-SIEM, integrating controls and telemetry across Cribl, ServiceNow SecOps, and working closely with App Owners, CSIRT, and Identity teams. Key outcomes in the first year include reducing material risk in top SaaS platforms (e.g., misconfigurations, OAuth sprawl, stale tokens), delivering a production-ready DLP strategy with tuned classifiers and incident runbooks, establishing complete logging and tiered detections, and launching quarterly CTEM cycles with measurable MTTR improvements. You’ll engineer Zscaler policies for data-in-use and data-in-motion protections, build detections for SaaS abuse scenarios, and define secure onboarding playbooks for M&A and SaaS intake. The role also involves partnering with Software Development on CSPM/ASPM posture, integrating IR/VR playbooks in ServiceNow, and aligning with regulatory frameworks like NYDFS, ISO 27001, and NIST 800-53/CSF. Tooling includes Obsidian, Zscaler, CrowdStrike NG-SIEM, Cribl, ServiceNow SecOps, Varonis, Mimecast, Grip, and Palo Alto NGFW/Panorama. We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/. Skills and Requirements · - 5–8+ years in AppSec/Cloud/SaaS security at enterprise scale · - Hands-on experience with Zscaler ZIA/ZPA/DLP and at least one SSPM/CASB platform (Obsidian, Netskope, Palo Alto SaaS Security, etc.) · - Strong detection engineering fundamentals (log schemas, threat modeling, ATT&CK mapping) with SIEM pipelines (Cribl helpful) · - Proven DLP tuning experience and incident lifecycle in ServiceNow SecOps - Familiarity with insurance/financial regulatory expectations (ISO 27001, NIST 800-53/CSF, NYDFS) ExVaronis for data security · 2. Grip Security exposure mapping · 3. Extrahop for network-side signals · 4. Mimecast for mail channel controls · 5. Experience with Pentera/AttackIQ for control validation · 6. Risk360 for risk storytelling