Why This Job is Featured on The SaaS Jobs
Security is increasingly a product and revenue enabler in modern SaaS, especially for platforms handling sensitive enterprise workflows. This role stands out because it focuses on the operational security layer around the application itself, spanning identity, endpoints, network edge, and cloud posture across GCP and Azure. In a SaaS environment where customer trust is continuously evaluated, the ability to detect and respond well becomes part of how the company competes.
For a security professional building a SaaS career, the scope maps closely to how security functions mature as companies move upmarket. Experience tuning SIEM detections, running incident response end to end, and producing audit evidence for frameworks like SOC 2 and ISO standards translates across many SaaS businesses. The emphasis on automation and “detection as software” also aligns with how security teams scale without relying on headcount alone.
This is best suited to a senior individual contributor who prefers ownership over a narrow specialty and is comfortable partnering with engineering and IT to improve outcomes. It will fit someone who likes turning ambiguous risk into practical controls, writing clear operational documentation, and iterating on signal quality over time in a production SaaS setting.
The section above is editorial commentary from The SaaS Jobs, provided to help SaaS professionals understand the role in a broader industry context.
Job Description
Why Ivo?
Every civilization runs on the same infrastructure: agreements between people who don't fully trust each other. Sumerians pressed them into clay. Romans carved them into stone. We bury them in 80-page PDFs.
The way those agreements are reviewed hasn't changed in four thousand years - a human reads the whole thing and tries not to miss anything. We're building the AI that finally changes that. Ivo is the contract intelligence platform of choice for companies like Uber, Meta, Canva, IBM, and Shopify. We recently raised our Series B and have grown 800% over the last 12 months.
The Role:
We're hiring a Senior Security Engineer to own how Ivo detects, responds to, and defends against threats across our infrastructure, identity, network, and endpoints. You'll partner directly with our Head of IT & Security and work alongside engineering and IT to keep the systems behind our product safe. This is a hands-on senior IC role with broad scope: detection engineering, incident response, cloud and identity security operations, perimeter and network hardening, vulnerability management, and security automation.
Where our Application Security Engineer owns the product itself, you own everything around it: the systems, the signals, and the response. Our platform handles legally privileged documents for some of the largest companies in the world. The security stakes are real, and so is the impact.
Responsibilities
• Own detection and response across Ivo's cloud, identity, and endpoint estate.
• Build and tune detections in our SIEM (Panther). Turn noisy telemetry into high-signal alerts engineers and IT actually act on, with a strong bias toward signal over noise.
• Lead incident response for infrastructure, identity, and corporate-layer security events. Run investigations end to end, drive containment and recovery, and write the post-incident review.
• Own cloud security posture across GCP and Azure. Find misconfigurations, prioritize real risk, and partner with engineering to close it.
• Own perimeter and network security. Manage Cloudflare WAF rules, DNS security, and edge controls, and harden our network and infrastructure config against real-world attack patterns.
• Run vulnerability management for our infrastructure and assets. Triage, prioritize, and drive remediation to closure rather than just forwarding scanner output.
• Operate and harden identity and access (Okta, SSO, SAML, SCIM, MFA, RBAC). Own provisioning and deprovisioning hygiene, access reviews, and least-privilege enforcement.
• Manage endpoint and device security (Kandji for MDM) and email security (Material). Keep the fleet hardened and monitored.
• Build security automation that removes toil. Script away repetitive work, wire up SOAR-style response, and make the secure path the easy path.
• Run proactive threat hunting across logs and telemetry, and develop detection coverage against the threats that actually target a company like ours.
• Produce and maintain operational evidence for SOC 2 Type II, ISO 27001, and ISO 42001, and support our compliance and enterprise security review programs.
• Contribute security operations input to enterprise security reviews and customer-facing trust documentation.
• Partner with engineering and IT rather than blocking them. You ship paved roads, not tickets.
Who You Are:
• 5+ years in security operations, detection and response, or infrastructure and cloud security at a SaaS company, including time owning detection or IR for a production environment.
• Hands-on detection engineering. You write and tune detections, build pipelines, and work in a SIEM directly. You don't just watch dashboards.
• Strong cloud security background in GCP and/or Azure: identity, network, workload, and posture management.
• Hands-on with perimeter and network security: WAF/CDN (Cloudflare or similar), DNS security, and edge controls.
• Deep identity and access experience: Okta or similar IdP, SSO, SAML, SCIM, MFA, and RBAC in practice.
• Real incident response experience. You've led investigations end to end, from first alert to post-incident review.
• Comfortable scripting and automating (Python or similar). You can read code and build your own tooling, not just buy it.
• Track record of running vulnerability management as a program, not a queue.
• Excellent written communication. You can write a runbook engineers follow, a detection writeup that's genuinely useful, and a post-incident review leadership trusts.
• A strong internal sense of urgency and a bias toward shipping and automating today rather than tomorrow.
Nice to have:
• Detection-as-code experience (Panther, Sigma, or similar) and treating detections like software.
• Experience securing AI / LLM infrastructure and the operational risks around agents and model access.
• Series B or earlier experience where you built or scaled a security operations function from limited scaffolding.
• GCIH, GCIA, GCFA, OSCP, or comparable hands-on credentials.
• Experience with SOAR or security automation platforms.
• Background supporting enterprise customers in regulated industries.
Why This Role Matters:
Ivo's customers entrust us with their most sensitive contracts. As we move further upmarket and into more regulated industries, our ability to detect and respond to threats fast is becoming a direct driver of enterprise revenue and a key part of the trust we earn at the deal table. This role owns the operational security of the company itself. The person who fills it will define what good detection and response looks like at Ivo for years to come.
FAQ
How far along are we? We launched in early access in 2023. Since then, we’ve had an incredible response from the market and are growing rapidly. We 6x'd in ARR in the last 12 months. Our clients include companies like Uber, Reddit, IBM, Canva, Pinterest, WordPress, and more. We're happy to share more details with candidates who go through our interview process.
Can I work remotely? We have an in-office culture, with some hybrid flexibility.
Compensation: The USD salary range for this role is $249K - $405K. Final offer amounts are determined by multiple factors, including experience and expertise, and may vary from the amounts listed above.