Product Owner – SaaS Application Engineer

Description

The Product Owner – SaaS Application Engineer functions as the product owner for a defined portfolio of enterprise SaaS applications (e.g., collaboration platforms, productivity tools, or designated enterprise SaaS systems). This role blends IT Asset Management (ITAM) disciplines—licensing, renewals, cost optimization, and compliance—with hands‑on application administration and engineering to ensure SaaS applications are secure, well‑integrated, and efficiently operated.

As the technical steward for sanctioned SaaS tools, this role partners with Security, Identity, Procurement, Finance, and Enterprise Architects to ensure applications are securely onboarded, access is governed and auditable, and manual work is automated wherever possible, supporting modernization, security, and operational efficiency of the SaaS portfolio.

Key Responsibilities

1. Product Ownership & Value Delivery (35%)

• Own roadmap and backlog for assigned SaaS applications or ITAM tooling.
• Drive operational improvements through automation, standardized practices, and governance oversight.
• Balance compliance requirements with business productivity needs.
• Act as primary interface between business stakeholders and engineering/support teams.
• Define success metrics (adoption, cost efficiency, risk posture).
• Evaluate and vet new SaaS tools for technical compatibility, security posture, integration requirements, and administrative overhead prior to adoption.

2. Application Administration & Security Engineering (35%)

• Serve as the technical application administrator for approved SaaS platforms, ensuring secure, scalable, and efficient day-to-day operations.
• Partner with Identity, Security, and other teams to configure and maintain:
  • SSO and conditional access integrations
  • MFA enforcement, admin role assignments, and security settings
  • Automation workflows for SaaS administration, including license provisioning/deprovisioning, role assignments, and access reviews
• Implement and support least-privilege access models, including management of service accounts, service principals, secrets, and API permissions.
• Oversee and automate user lifecycle processes (joiner, mover, leaver), ensuring access provisioning aligns with role, policy, and audit requirements.

• Leverage AI, APIs, scripting, and low-code platforms to reduce manual administrative effort and improve operational consistency.
• Establish and document application administration standards, including admin ownership models, access review cadences, and secure configuration baselines.
• Act as an escalation point for complex application and access-related issues beyond Tier 1/2 support.

3. SaaS Financial & Lifecycle Management (30%)

• Own the software lifecycle for defined portfolio of enterprise SaaS applications, from onboarding through renewal and retirement.
• Monitor application usage, license consumption, and spending to:
  • Identify under‑utilization and seat reclamation opportunities
  • Recommend license model changes and contract right‑sizing
• Lead renewal readiness by partnering with Finance and Procurement using historical usage and forward‑looking demand.
• Maintain a clean, authoritative SaaS inventory, including license entitlements, assigned users, admins, and integrations.
• Drive visibility and optimization of SaaS spend, utilization, and risk posture across the assigned portfolio.
• Support internal and external audits by performing periodic user access reviews and license compliance validations.
• Execute governance processes in alignment with ITAM program standards.

Required Skills:

• 3+ years of experience in SaaS application administration, or IT Asset Management, with demonstrated hands-on technical depth.
• 3+ years of demonstrated experience configuring, securing, and integrating SaaS applications in an enterprise environment, including SSO, API connections, and admin console management.
• Strong understanding of software licensing models (named, concurrent, consumption, enterprise agreements).
• Strong analytical and problem-solving skills, with the ability to connect usage, entitlement, and spend data into actionable insights and recommendations.
• Ability to maintain accurate configuration and inventory data across multiple platforms, and to identify discrepancies through data analysis and system queries.
• Demonstrated initiative in adopting and applying emerging technologies, including AI and automation tooling, to streamline operations and improve decision-making.

Desired Skills & Experience

• Working knowledge of:
  • ITAM or SAM tooling
  • CMDB or application inventory platforms
• Experience with:
  • SSO technologies (SAML, OAuth, OpenID Connect)
  • Identity platforms (e.g., Entra ID / Azure AD)
• Familiarity with:
  • Service principals, API permissions, Graph‑style access models
  • SaaS security configurations and vendor admin consoles

• Experience automating workflows using scripting, APIs, Power Platform, or similar tools.
• Bachelor’s degree
• Experience building dashboards and reports (Excel and/or BI tools) and communicating results to non-technical stakeholders.

• Comfortable operating at the intersection of governance, engineering, and cost optimization.
• Hands on experience supporting SOX, ITGC, or access review processes.
• ITAM/SAM/procurement-related certifications (IAITAM, ITIL, or similar).

Working at ICF

Pay Range - There are multiple factors that are considered in determining final pay for a position, including, but not limited to, relevant work experience, skills, certifications and competencies that align to the specified role, geographic location, education and certifications as well as contract provisions regarding labor categories that are specific to the position.

The pay range for this position based on full-time employment is: