Description:

About the job:

About Onit:

We're redefining the future of legal operations through the power of AI.

Our cutting-edge platform streamlines enterprise legal management, matter management, spend management and contract lifecycle processes, transforming manual workflows into intelligent, automated solutions.

Were a team of innovators using AI at the core to help legal departments become faster, smarter, and more strategic.

As we continue to grow and expand the capabilities of our new AI-centric platform, were looking for bold thinkers and builders who are excited to shape the next chapter of legal tech.

If you're energized by meaningful work, love solving complex problems, and want to help modernize how legal teams operate, wed love to meet you.

About The Role:

We are seeking a Cybersecurity Manager to lead security initiatives across our SaaS platforms and corporate infrastructure.

This role combines strategic leadership with technical execution, focusing on cloud-native security, Microsoft 365, and identity management through Entra ID.

You will collaborate with Compliance, Cloud Engineering, IT, and Product teams to ensure robust security for both customer-facing services and internal systems.

Key Responsibilities

- Lead and mentor a team of security engineers, fostering a security-first culture.

- Execute the cybersecurity strategy for cloud-native SaaS and corporate environments.

- Implement security controls for AWS infrastructure and Microsoft 365 ecosystem

- Manage identity and access security through Entra ID (Azure AD), enforcing MFA, conditional access, and privileged identity management.

- Develop automated incident response workflows leveraging SOAR tools and integrate threat intelligence feeds.

- Embed security champions within engineering teams to promote secure coding and CI/CD pipeline security.

- Act as product owner for security initiatives, creating user stories, prioritizing work, and guiding delivery.

- Manage vendor relationships for penetration testing, audits, and specialized security services.

- Define and report on security KPIs such as MTTR, vulnerability remediation SLAs, and cloud/corporate misconfiguration trends.

- Drive process improvements for incident response, training, and runbook development.

Required Skills & Experience

- 8+ years in cybersecurity with 4+ years in a leadership role.

- Deep expertise in cloud security (AWS required; Azure/GCP preferred) for Enterprise SaaS application.

- Experience securing Microsoft 365 services and managing Entra ID (Azure AD) for identity and access control.

- Proficiency in AWS services (VPC, IAM, EC2, RDS, S3, EKS/ECS) and security tooling (CSPM, SIEM, EDR).

- Strong knowledge of application security (SAST, DAST, SBOMs) and API security.

- Hands-on experience with incident response automation and threat intelligence.

- Ability to script and automate security solutions (Python, Bash, Jenkins, Terraform).

- Strong technical experience with Linux, Network Security, and Web Application Firewalls (Cloudflare, AWS WAF).

- CrowdStrike EDR, SIEM, CSPM experience desired

- Experience with IaC security tools (Terraform scanning, policy-as-code) is a plus

- Experience Privileged Access Management (PAM) and Just-In-Time access are a plus

- Relevant certifications (CISSP, CCSP, CISM, AWS Security Specialty, Microsoft Security certifications) are a plus.

- Strong communication, problem-solving, and collaboration skills