Senior Staff Enterprise Security Engineer

Medallia is the pioneer and market leader in Experience Management. Our award-winning SaaS platform, Medallia Experience Cloud, leads the market in the management of experiences, insights, and actions for candidates, customers, employees, patients, and residents alike.

We believe that every experience is a memory that can last a lifetime. Experiences shape the way people feel about a company. And they greatly influence how likely people are to advocate, contribute, and stay. At Medallia, we are committed to creating a world where organizations are loved by their customers and their employees.

We empower exceptional people to create extraordinary experiences together.

Bring your whole self.

Role and the team:
Medallia’s security team is responsible for the security of the overall Medallia platform and entire global infrastructure. Medallia leads the federal experience management market, with aggressive plans to grow and expand it into existing and new markets.

We are looking for a seasoned Security Engineer in the enterprise security space as a Sr. Staff Security Engineer. With the right expertise and experience we will be open to hire in the higher level as well. This person will create and drive the Security strategy for both product as well as enterprise use cases. This person will define what awesome security looks like when it comes to building products and apps and adopting new services at the enterprise level. Some of the domains of enterprise security this person will be responsible for are data security, AI security and IAM. It is expected for the person to be an expert in at least two of these areas. You will work across the IT, engineering, product, compliance and security operations teams to drive security strategy. You will identify key risks and implement innovative solutions to mitigate those risks. This role will be part of the CISO org at Medallia.

• Create AI Security, data protection and/or IAM strategy for Medallia
• Identify security risks by conducting threat modelling and implementing industry leading industry leading frameworks for both Medallia product and corporate use cases.
• Implement innovative tools and solutions to detect, prevent and monitor cyber risks.
• Engage with product, engineering, compliance and IT teams to ensure we meet the security and compliance requirements.
• Create overall SDLC/AppSec process that works for the development teams

Minimum Qualifications

• 8+ years of experience working within the product security/AppSec/Enterprise security teams for cloud and/or SaaS companies.
• Demonstrated experience with both private and public cloud architectures, including threat modeling
• Demonstrated experience with AI Security risks, data security, IAM, frameworks, tools and solutions.
• Demonstrate experience empowering developers to build secured software at scale.
• Demonstrated experience in products and services from major CSPs like AWS, GCP, Azure, OpenAI, or OCI.

Preferred Qualifications

• Demonstrated experience with vendor risk assessment for 3rd party SaaS applications and services.
• Proven ability to work collaboratively across and within teams
• The ability to take non technical goals and turn them into technical solutions
• Independent problem-solving capabilities and excellent communication skills

At Medallia, we celebrate diversity and recognize the value it brings to our customers and employees. Medallia is proud to be an equal-opportunity workplace and is an affirmative-action employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, genetic information, disability, veteran status, or any other applicable status protected by state or local law. Individuals with a disability who need an accommodation to apply please contact us at ApplicantAccessibility@medallia.com. For information regarding how Medallia collects and uses personal information, please review our Privacy Policies.

Minimum Qualifications

• 8+ years of experience working within the product security/AppSec/Enterprise security teams for cloud and/or SaaS companies.
• Demonstrated experience with both private and public cloud architectures, including threat modeling
• Demonstrated experience with AI Security risks, data security, IAM, frameworks, tools and solutions.
• Demonstrate experience empowering developers to build secured software at scale.
• Demonstrated experience in products and services from major CSPs like AWS, GCP, Azure, OpenAI, or OCI.

Preferred Qualifications

• Demonstrated experience with vendor risk assessment for 3rd party SaaS applications and services.
• Proven ability to work collaboratively across and within teams
• The ability to take non technical goals and turn them into technical solutions
• Independent problem-solving capabilities and excellent communication skills

At Medallia, we celebrate diversity and recognize the value it brings to our customers and employees. Medallia is proud to be an equal-opportunity workplace and is an affirmative-action employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, genetic information, disability, veteran status, or any other applicable status protected by state or local law. Individuals with a disability who need an accommodation to apply please contact us at ApplicantAccessibility@medallia.com. For information regarding how Medallia collects and uses personal information, please review our Privacy Policies.

• Create AI Security, data protection and/or IAM strategy for Medallia
• Identify security risks by conducting threat modelling and implementing industry leading industry leading frameworks for both Medallia product and corporate use cases.
• Implement innovative tools and solutions to detect, prevent and monitor cyber risks.
• Engage with product, engineering, compliance and IT teams to ensure we meet the security and compliance requirements.
• Create overall SDLC/AppSec process that works for the development teams