[phxrsg]

That doesn't entirely work. Most companies that use Salesforce or other cloud services (thus would be the ones doing on-prem instead of SaaS) aren't hiring huge security teams geared around cloud security. Even if they are hiring security teams, they're both smaller and probably focused around internal security issues (enterprise security teams).

And I also don't accept the premise that it's the same type of engineers that the companies would hire. The security teams at cloud companies are made up of very specialized engineers that are vastly different from the average dev you'd hire to run your internal on-prem servers.

Security is one of the things that sets SaaS (by the big players) apart. Running something on-prem will not have nearly the same security resources looking at it.