SailPoint is seeking a Staff Product Security Engineer as part of the execution of an industry-leading Product Security program. As a provider of both SaaS and enterprise software for some of the world’s most prestigious organizations, SailPoint strives for best-in-class security for its product offerings. This critical role will be responsible for performing highly technical, hands-on work related to Product Security, as well as being a key player in designing the overall strategy of the Product Security Program at SailPoint.
The ideal candidate will be highly collaborative and customer-service oriented, balancing the right level of security with business objectives and working to creatively solve complex Product Security related problems.
This is a challenging and impactful role with security responsibilities that span all product offerings and can be REMOTE or based in Austin, TX.
Responsibilities:
- Configure, maintain, and tune all pipeline and traditional product and application security technologies.
- Continuously reduce false positives through calculated and repeatable suppressions to ensure utilization and adoption of the technologies.
- Perform proactive scanning/auditing in early phases of the SSDLC as well as reactive scanning/auditing in later phases of the SSDLC, including triage and communication to development teams.
- Assist tech leads and developers with the technical approach for remediation.
- Support automation and tooling of security technologies to be leveraged by development teams.
- Assist in developing custom software quality tests and Security as Code solutions.
- Review designs for security defects, perform threat modelling and identify remediation solutions.
- Provide training, guidance, and assistance to development teams early in the SSDLC.
- Cultivate security ownership in the product teams.
- Communicate new security services to product teams and assist with security integration, requirement gathering, and troubleshooting failures.
- Manage product/application vulnerabilities in a consistent manner to prioritize, advise, monitor, and validate remediation.
- Produce metrics based on product findings and vulnerabilities, including customer-facing true positives and SLAs/KPIs.
- Provide input to security risk impact assessments.
- Work closely with engineering to sustain processes and/or convert manual integrations to automated pipeline activities.
- Be a key advisor to the overall strategy and roadmap of the Product Security Program.
- Be a part of the Product Security Incident Response Team (PSIRT) at SailPoint.
Requirements:
- Bachelor’s degree with 12+ years of experience, or Master’s degree with 8+ years of experience, in IT Security
- 6-8 years of technical Product Security related experience around SSDLC tooling, automation, remediation advisory, security testing, and threat modeling/attack surface analysis.
- US citizenship is required due to the nature of the role
- Proven track record of solving complex Product Security issues and protecting products using a risk-based approach.
- Extensive knowledge of the current Product Security threat landscape and industry best practices.
- Knowledge of compliance/certification frameworks such as ISO27001, SOC2, FedRAMP, SOX, GDPR from a Product Security standpoint is a plus.
- Experience working in Agile development with experience in the following technologies:
  - Containers (Docker, Kubernetes, or similar)
  - Infrastructure as code (Vagrant, Docker, Ansible, Chef, Terraform, or similar)
  - Continuous integration (Jenkins, Bamboo, Hudson, or similar)
  - Integration of security testing tools into the pipeline
  - Defect tracking (Jira, Bugzilla, ServiceNow, or similar)
  - Source code management (GitLab, GitHub, BitBucket, or similar)
  - QA testing tools (nUnit, jUnit, Selenium, Cucumber, or similar)
  - Application security testing tools (SAST, DAST, IAST, SCA, or similar)
  - Various *nix distributions
  - Cloud environments (AWS, Azure, or similar)
- Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.
- Minimal travel (<10%) to Austin, TX
- Certifications such as OSCP, GSEC, GPEN, CISSP, CSSLP