Product Security Architect

SailPoint is the leader in identity security for the cloud enterprise. Our identity security solutions secure and enable thousands of companies worldwide, giving our customers unmatched visibility into the entirety of their digital workforce, ensuring workers have the right access to do their job - no more, no less.
SailPoint is seeking a Product Security Architect to provide technical leadership and execution for an industry-leading Product Security program. As a provider of both SaaS and enterprise software for some the world's most prestigious organizations, SailPoint strives for best-in-class security for its product offerings. This critical role will be responsible for performing security architecture reviews and offering consulting services as well as be a key player in designing the overall strategy of the Product Security Program at SailPoint.
The ideal candidate will be highly collaborative, customer-service oriented, able to balance the right level of security with business objectives, comfortable with driving technical ideas and communicating clearly with technical as well as non-technical audiences, and work to creatively solve complex Product Security related problems.
Responsibilities:

• Gain an understanding of our current state product security program and partner with the team to define future state and multi-year roadmaps.
• Use knowledge of current product security best practices and industry trends to advise on the secure design of SailPoint products and services.
• Perform Threat Modelling, assess and document product risks and/or application designs.
• Participate in expanding/maturing the SailPoint S-SDLC program
• Gather and analyze functional requirements and lead proof of concept activities with key business users and stakeholders in support of advanced use cases.
• Work with product teams and shared services to determine appropriate security reviews cadence based on risk.
• Develop and maintain checklists and working aides for secure development.
• Design solution blueprints that meet the security needs of the system.
• Approve security guidance and training materials provided to development teams.
• Provides input to security risk impact assessment.
• Approve architecture change proposals from a security perspective.
• Conduct Third party/Alliances assessments.
• Be a key advisor to the overall strategy and roadmap of the Product Security Program.
• Be a part of the Product Security Incident Response Team (PSIRT) at SailPoint.
• Mentor and foster development of best practices within the Product Security team.
• Stay abreast of the threat landscape, current technologies, security compliance requirements, standards, and industry trends in order to help achieve cybersecurity's goals.
• Participate in audits pertaining to SailPoint's cybersecurity processes and best practices.
• Respond to and, when appropriate, resolve or escalate security incidents.
• Provide after-hours support on a scheduled / non-scheduled basis.

Required:

• Due to the nature of the role, only US Citizens or Green Card holders can be considered for this position
• Bachelor's degree with 12+ years of experience/Master's degree with 8+ years of experience in Cybersecurity
• 6-8 years of Technical Product Security related experience that includes Security Architecture, Threat Modeling, Attack Surface Analysis, Secure Design, Security Assessments, AppSec Security Tools, etc.
• Proven track record of solving complex Product Security issues and protecting products using a risk-based approach.
• Extensive knowledge of the current Product Security threat landscape and industry best practices.
• Extensive experience of performing Threat Modeling and Product Security design reviews and incorporating them as part of SSDLC processes.
• Experience with compliance/certification frameworks such as ISO27001, SOC2, FedRAMP, SOX, GDPR from a Product Security standpoint.
• Experience working in Agile development with experience in the following technologies:
  
  • Containers (Docker, Kubernetes, or similar)
  • Infrastructure as code (Vagrant, Docker, Ansible, Chef, Terraform, or similar)
  • Continuous integration (Jenkins, Bamboo, Hudson, or similar.)
  • Integration of Security testing tools into pipeline
  • Defect tracking (Jira, Bugzilla, ServiceNow, or similar.)
  • Source code management (GitLab, GitHub, BitBucket, or similar.)
  • QA Testing tools (nUnit, jUnit, Selenium, Cucumber, or similar.)
  • Application security testing tools (SAST, DAST, IAST, SCA, or similar.)
  • Various *nix distributions
  • Knowledge of all components of a SaaS multi-tenant product architecture
  • REST APIs

• Experience in requirement gathering and documentation.
• Sound judgment skills and ability to manage escalations.
• Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.
• Proven experience in, and passion for technically leading teams, mentoring staff and driving organizational change.
• Demonstrated professional writing/communication skills.
• Minimal travel (< 10%) to Austin, TX

Preferred:

• Cloud security architecture experience with major cloud providers: AWS (preferred), Azure, or GCP.
• A solid understanding of cloud security technologies including container security, serverless security, network and application security, and access management.
• Familiarity with Linux systems security.
• One or more of the following certifications:
  
  • Certified Information Systems Security Professional (CISSP)
  • Information Systems Security Architecture Professional (ISSAP)
  • Information Systems Security Engineering Professional (ISSEP)
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • AWS, Google, or Azure Architecture Certification

#LI-DM1
SailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.