Staff Product Security Engineer - (REMOTE / WFH)

SailPoint · Remote

Company

SailPoint

Location

Remote

Type

Full Time

Job Description

Overview
SailPoint is seeking a Staff Product Security Engineer as part of execution for an industry-leading Product Security program. As a provider of both SaaS and enterprise software for some of the world's most prestigious organizations, SailPoint strives for best-in-class security for its product offerings. This critical role will be responsible for performing highly technical hands-on work related to Product Security as well as being a key player in designing the overall strategy of the Product Security Program at SailPoint.
The ideal candidate will be highly collaborative and customer service oriented; balancing the right level of security with business objectives and working to creatively solve complex Product Security related problems.
This is a challenging and impactful role with security responsibilities that span all product offerings and can be REMOTE or based in Austin, TX.
Responsibilities
  • Configure, maintain, and tune all pipeline and traditional product and application security technologies.
  • Continuously reduce false positives through calculated and repeatable suppressions to ensure utilization and adoption of the technology(s).
  • Participate in expanding/maturing the SailPoint S-SDLC program
  • Responsible for proactive scanning/auditing in early phases of the SSDLC as well as reactive scanning/auditing in later phases of the SSDLC, triage and comms to DEV teams.
  • Assist tech leads and developers with technical approach for remediation.
  • Support automation and tooling of security technologies to be leveraged by development teams.
  • Assist in developing custom software quality tests and Security as Code solutions.
  • Review designs for security defects, perform threat modelling and identify remediation solutions.
  • Provide training, guidance, and assistance to development teams early in the SSDLC.
  • Cultivate security ownership in the product teams.
  • Communicate new security services to product teams and assist with security integration, requirement gathering, and troubleshooting failures.
  • Manage product/application vulnerabilities in a consistent manner to prioritize, advise, monitor, and validate remediation.
  • Produce metrics based on product findings and vulnerabilities, to include customer facing true positives and SLAs/KPIs.
  • Provide input to security risk impact assessment.
  • Work closely with engineering to sustain processes and/or convert manual integrations to automated pipeline activities.
  • Be a key advisor to the overall strategy and roadmap of the Product Security Program.
  • Be a part of the Product Security Incident Response Team (PSIRT) at SailPoint.

Requirements
  • Due to FedRAMP requirements, US Citizenship is required to be considered for this role
  • Bachelor's degree with 8+ years of experience/Master's degree with 4+ years of experience in IT Security
  • 6-8 years of Technical Product Security related experience around SSDLC tooling, automation, remediation advisory, security testing, threat modeling/attack surface analysis.
  • Proven track record of solving complex Product Security issues and protecting products using a risk-based approach.
  • Extensive knowledge of the current Product Security threat landscape and industry best practices.
  • Knowledge of compliance/certification frameworks such as ISO27001, SOC2, FedRAMP, SOX, GDPR from a Product Security standpoint is a plus.
  • Experience working in Agile development with experience in technologies such as:
    • Containers (Docker, Kubernetes, or similar)
    • Infrastructure as code (Vagrant, Docker, Ansible, Chef, Terraform, or similar)
    • Continuous integration (Jenkins, Bamboo, Hudson, or similar)
    • Integration of Security testing tools into pipeline
    • Defect tracking (Jira, Bugzilla, ServiceNow, or similar)
    • Source code management (GitLab, GitHub, BitBucket, or similar)
    • QA Testing tools (nUnit, jUnit, Selenium, Cucumber, or similar)
    • Application security testing tools (SAST, DAST, IAST, SCA, or similar)
    • Various *nix distributions
    • Cloud environment (AWS, Azure, or similar)
  • Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.
  • As needed, provide on-call support, including but not limited to after hours and weekends, such as in the event of unscheduled incident response efforts
  • Minimal travel (< 10%) to Austin, TX
  • Certification such as CISSP, CSSLP, CCSP, GSEC, Security+

SailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

Date Posted

09/05/2022
