




Summary: Nscale is seeking a Senior Staff Engineer for Enterprise AppSec and SaaS Security to own application-layer security risk and build scalable security patterns. Highlights: 1. Lead security reviews for high-risk SaaS applications and internal apps 2. Own risk management for OAuth, OIDC, SAML, API tokens, and integrations 3. Collaborate with diverse teams on enterprise app security controls **About Nscale** ---------------- Nscale is the GPU cloud engineered for AI. We provide cost\-effective, high\-performance infrastructure for AI start\-ups and large enterprise customers. Nscale enables AI\-focused companies to achieve superior results by reducing the complexity of AI development. Our GPU cloud bolsters technical capabilities and directly supports strategic business outcomes, including cost management, rapid innovation, and environmental responsibility. We thrive on a culture of relentless innovation, ownership, and accountability, where every team member takes pride in their work and drives it with excellence and urgency. As an Nscaler, you’ll build trust through openness and transparency, where everyone is inspired to do their best work. If you join our team, you’ll be contributing to building the technology that powers the future. **About the Role** ------------------ We’re hiring a **Senior Staff Engineer \- Enterprise AppSec and SaaS Security** to own application\-layer security risk across Nscale’s enterprise estate and build practical, scalable security patterns that keep pace with the business. This role sits at the intersection of **security engineering, enterprise applications, identity, and governance**, with broad scope across high\-risk SaaS, internal apps, external\-facing services, AI tools, browser apps, OAuth integrations, and business\-critical workflows. You’ll work closely with **Identity, Security Data, Vulnerability Management, IT, Legal, Procurement, and Compliance**, while also guiding developers and application owners through secure onboarding, remediation, and evidence collection. This is a high\-impact role because identity controls alone are not enough as SaaS applications, OAuth grants, AI tools, browser extensions, admin roles, and external services continue to grow. You’ll give Nscale a clear owner for enterprise app security risk, helping strengthen control and accountability without compromising developer or employee experience. **What you'll be doing** ------------------------ **Enterprise Application Security** * **Lead** security reviews for high\-risk SaaS applications, internal apps, external\-facing services, AI tools, and business\-critical workflows * **Assess** application architecture, authentication methods, admin roles, and data handling to identify security gaps and remediation paths * **Provide** secure\-by\-design guidance for internal enterprise apps and automations * **Guide** application owners and engineering stakeholders through practical remediation approaches **SaaS Governance and Onboarding** * **Build** governance patterns covering app discovery, owner assignment, business criticality, approved use, data classification, and offboarding * **Define** secure application onboarding and exception workflows that are fast, risk\-based, and evidence\-producing * **Establish** review processes that include approval, security review, identity controls, and supporting evidence * **Drive** app\-owner accountability through clear ownership models and remediation plans **Identity, OAuth, and Integration Risk** * **Own** risk management for OAuth, OIDC, SAML, API tokens, app registrations, consent flows, and third\-party integrations * **Expand** SSO and SCIM coverage across priority applications with measurable improvement targets * **Create** practical allow, review, block, and exception criteria for OAuth grants and app registrations * **Evaluate** authentication and provisioning coverage across the enterprise application estate **Shadow SaaS, AI, and External Surface Risk** * **Develop** workflows for browser extension, AI app, API integration, and shadow SaaS risk management * **Identify** high\-risk SaaS and enterprise applications and prioritize remediation paths * **Deliver** external attack surface quick wins through ownership mapping, remediation routing, and repeatable validation * **Partner** with Security Data to define detections and reporting for SaaS, OAuth, and AI\-app activity **Enablement and Cross\-Functional Partnership** * **Create** patterns, templates, checklists, office hours, and self\-service evidence for developers and application owners * **Collaborate** with Identity, Security Data, Vulnerability Management, IT, Legal, Procurement, and Compliance on enterprise app security controls * **Support** scalable operating models that balance secure controls with user experience and business velocity * **Build** an enterprise app inventory baseline including owner, criticality, data type, auth method, SSO, SCIM, admin roles, AI usage, and evidence status **KPIs** -------- * **Enterprise app inventory baseline completeness** * **Top 20 highest\-risk SaaS or enterprise app remediation progress** * **SSO and SCIM coverage improvement for priority apps** * **SaaS, OAuth, and AI\-app detection and reporting adoption** **About You** ------------- * **8\+ years** in application security, product security, SaaS security, enterprise security engineering, cloud security, or related roles * Strong understanding of **web and API security**, including **OAuth, OIDC, SAML, SCIM, RBAC, secrets, and tokens** * Experience reviewing **application architecture**, identifying vulnerabilities, and guiding remediation with engineering or application owners * Experience with **SaaS governance, SSPM, CASB, app discovery, external attack surface management, or enterprise app onboarding** * Ability to build **automation or tooling** in one or more modern scripting or general\-purpose languages * Strong communication skills across **engineers, application owners, procurement, legal, IT, and executive stakeholders** * Practical judgment in balancing **security controls, user experience, and business velocity** * Experience with **GenAI app governance, AI security review, API\-based integrations, agentic workflows, or AI data leakage controls** is valuable * Familiarity with **bug bounty, offensive security, secure code review, SAST, DAST, SCA, or security framework development** is beneficial * Experience producing **audit\-ready evidence** for app controls and SaaS posture in high\-growth or trust\-sensitive environments is a plus **What we can offer you** ------------------------- At Nscale, you'll find a collaborative, supportive, and innovative environment where your contributions spark real impact. We're building something extraordinary, and we want you at the core. Highly competitive US compensation package (base \+ bonus \+ equity), with performance reviews every 12 months. Join one of the fastest\-growing AI infrastructure companies — your chance to directly shape how global AI capacity is planned and deployed. ✨ Expect a dynamic progression plan tailored to your ambitions. Grow by leading critical cross\-functional initiatives and shaping capital strategy — always with our full support. Human\-First Flexibility: We treat you as humans first. Our flexible workplace trusts Nscalers to deliver, giving you the autonomy to shape your day around life's moments. **Equal Opportunities Statement** --------------------------------- We strongly encourage applications from people of colour, the LGBTQ\+ community, people with disabilities, neurodivergent people, parents, carers, and people from lower socio\-economic backgrounds. If there’s anything we can do to accommodate your specific situation, please let us know. The responsibilities outlined in this job description are not exhaustive and are intended to provide a general overview of the position. The employee may be required to perform additional duties, tasks, and responsibilities as assigned by management, consistent with the skills and qualifications required for the role. **Salary Range** ---------------- The range below reflects the base salary for the position. Actual compensation may vary based on job\-related factors such as skill set, experience, education, and location. In addition to base salary, this role may be eligible for bonus, equity, and/or commission programs. Nscale may offer a competitive benefits package including medical, dental, vision, flexible paid time off, parental leave, and retirement plan participation. The range below reflects the base salary for the position. Actual compensation may vary based on job\-related factors such as skill set, experience, education, and location. In addition to base salary, this role may be eligible for bonus, equity, and/or commission programs. Nscale may offer a competitive benefits package including medical, dental, vision, flexible paid time off, parental leave, and retirement plan participation. Salary Range $180,000 \- $230,000 USD


