SailPoint is the leader in identity security for the modern enterprise.
Austin, TX

Vulnerability Management Analyst at SailPoint

| Austin | Remote
Sorry, this job was removed at 5:24 a.m. (CST) on Friday, January 28, 2022
Find out who's hiring in Austin.
See all Data + Analytics jobs in Austin
Apply Now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.
SailPoint is seeking an experienced Vulnerability Management Analyst with demonstrated competencies and thought leadership to contribute towards the success of the vulnerability management initiatives. As a provider of both SaaS and Enterprise software for some of the world's most prestigious organizations, SailPoint strives for best-in-class security. The Vulnerability Management Analyst will play a crucial role in ensuring that our systems, data, and products remain secure. This role will be responsible for ensuring that SailPoint's vulnerability management program conforms to disciplined, industry best practices. The Vulnerability Management Analyst will be responsible for scanning, tracking, analyzing, and reporting on vulnerabilities as part of the vulnerability management process. To accomplish this, you will work closely with our internal security teams and other partners to help develop a vulnerability program that is resilient and supportable.
The ideal candidate will have a passion for security, innovation, problem-solving, and the ability to work well within a team. Participation in security audits, responding to customer security questionnaires and program maintenance are required. The candidate will be a risk centric, highly collaborative, customer-service oriented, and comfortable with driving technical ideas. Communicating clearly with technical as well as non-technical audiences is a critical component of the job. Additional responsibilities include implementing organizational policies, standards for vulnerability management and patch management while partnering with other teams to integrate best practices. This role will be a vital member of the CISO team and can be remote or based in Austin, TX reporting directly to the Manager of the Threat Exposure Management service.
  • Responsible for monitoring and reviewing vulnerability and compliance scan results and tracking remediation of vulnerabilities against Service Level Objectives (SLO).
  • Conduct ad-hoc vulnerability scans when required.
  • Perform research and analysis of scheduled and on-demand vulnerability assessments.
  • Develop risk-based remediation plans with proposed solutions to identified vulnerabilities, including system patching, deployment of specialized controls, code or infrastructure changes, and changes in development processes.
  • Interface with vendor support teams to keep abreast of developments in product lines.
  • Research security testing tools, techniques, and processes.
  • Promote collaboration with stakeholders to prioritize the remediation of vulnerabilities and close potential attack vectors.
  • Analyze penetration test results and provide remediation options to technology and business partners.
  • Monitor team mailbox and ticketing system to ensure proper steps are taken for all identified vulnerabilities and support of the Security Operations Center (SOC).
  • Understand asset criticality, identify system software, and processes that must be protected.
  • Develop vulnerability reports and score cards that define current state of the corporate risk posture.
  • Maintain knowledge of the threat landscape for prioritization of vulnerabilities, attack techniques, tool/exploit development, intelligence analysis and adversarial tactics.
  • Provide guidance and collaborate with the Vulnerability Management engineering team to design and implement advanced vulnerability dashboards to meet operational requirements.
  • Drive automation initiatives across the vulnerability management team and operational activities that are part of maintaining security infrastructure.
  • Identify automation opportunities with cross-functional teams to integrate and enrich information from multiple platforms (e.g. Qualys, Prisma, Slack, JIRA, and other relevant tools).
  • Provide expertise in adherence of policies, procedures, and compliance with FedRAMP.
  • Liaise with compliance teams to meet compliance requirements.
  • Conduct self-driven learning/development on the Vulnerability Management industry, initiatives, innovation, and technologies.
  • Assist with providing evidence for compliance and audit requirements.
  • Establish practices, templates, policies, tools to expand and mature operational capabilities.
  • Solve complex issues and protect various environments using a risk-based approach.
  • Establishes credibility and maintains strong working relationships with business partners involved with Cybersecurity matters.

  • Intermediate knowledge of risk analytics / modeling and vulnerability assessment.
  • Experience with vulnerability scanning tools.
  • Innovative and efficiency focused with the ability to formalize program governance, processes, report templates, and metrics.
  • Demonstrated examples of creating documentation of identified vulnerabilities, remediation, and the cost/benefit analysis of risk scenarios.
  • Experience tracking trends and configure systems as required to reduce false positives from true events.
  • Excellent written, communication and presentation skills are required to communicate findings and status.
  • Demonstrate detail oriented, organized, methodical examples of complex issues with recommendations.
  • Experience in FedRAMP.
  • Experience installing, configuring, and patching Windows, Mac, Linux, and Unix.
  • Experience with regulatory and compliance frameworks such as ISO27001, SOC2, SOX, GDPR, FedRAMP.
  • Understanding of cybersecurity best practices and frameworks such as SANS Top 20 Critical Security Controls, NIST Cybersecurity Framework, MITRE ATT&CK Framework, CIS Controls and OWASP Top 10.
  • Ability to prioritize highest risk vulnerabilities and reduce noise often associated with vulnerability tools.
  • Knowledge of network, system, cloud and application layer attacks and mitigation methods.
  • Demonstrated experience managing vulnerability classification and scoring methodologies (CVSS, CVE, CWE).
  • Fundamental understanding of risk vs severity.
  • Strong understanding of differences for managing vulnerabilities on end-user devices in contrast to server operating systems.
  • Ability to manage time independently while handling multiple projects concurrently.
  • Ability to work in a fast-paced environment; ability to multi-task, change direction, effectively prioritize, and meet deadlines.
  • Team-first attitude and interest in assisting peers on projects or as a subject matter expert on technical escalations.
  • Strong communication skills that include the ability to clearly articulate thoughts and distill complex problems into stakeholder-friendly language.
  • Ability to work effectively with both local and remote staff, teammates and managers.

  • Bachelor's degree in Computer Science, IT Security, Information Systems, Engineering, or related field and 2-5 years of related work experience.
  • Ability to manage working with remediation plans in a Plan of Acton & Milestone (POA&M) format.
  • Innovative and creative individual with examples of solutions that balance the needs of the business with the needs of security.
  • A fundamental understanding of vulnerability management risk prioritization products and their usage (e.g. Kenna Security, Brinqa, Risk Sense).
  • Advanced knowledge of vulnerability management scanning platforms (e.g. Tenable, Nexpose, Qualys, QRadar, Lacework, etc.).
  • Preferred certifications: CEH, CISSP, GEVA, GPEN, GWAPT, GXPN, LPT, Security+, or other relevant certifications.

SailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
See More
Apply Now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.

Where we are

11120 Four Points Drive, Austin, TX 78726

Technology we use

  • Engineering
    • JavaLanguages
    • JavascriptLanguages
    • PythonLanguages
    • RLanguages
    • RubyLanguages
    • SqlLanguages
    • Twitter BootstrapLibraries
    • AngularJSFrameworks
    • Node.jsFrameworks
    • SparkFrameworks
    • SpringFrameworks
    • MySQLDatabases
    • RedisDatabases

What are SailPoint Perks + Benefits

SailPoint Benefits Overview

Experience a Small-company Atmosphere with Big-company Benefits

Volunteer in local community
Our crew members value working for an organization that prioritizes giving back to the community, and we have engaged in many community initiatives over the past year.
Partners with Nonprofits
In the past year alone we have supported many notable organizations, including Code2College, nonPareil, Black Girls Code, Foundation Communities, and HealthCode.
Friends outside of work
Eat lunch together
Intracompany committees
Team members on our ALL IN and Culture Crew committees develop and manage events that bring employees together socially and for the benefit of society.
Daily sync
Open door policy
Team owned deliverables
Team based strategic planning
Group brainstorming sessions
Open office floor plan
Documented equal pay policy
Mean gender pay gap below 10%
Diversity Employee Resource Groups
Slack is how we come together as a global team, and we have offer several Employee Resource Group channels where we celebrate our differences and encourage sharing and connection.
Hiring Practices that Promote Diversity
We prioritize hiring practices that promote diversity. This year, for example, we launched SAIL-U to help grow our team in partnership with HBCUs and historically LatinX colleges and universities.
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Onsite Gym
Retirement & Stock Options Benefits
401(K) Matching
Employee Stock Purchase Plan
Performance Bonus
Child Care & Parental Leave Benefits
Generous Parental Leave
SailPoint offers generous parental leave with the primary caregiver being able to take 80 fully-paid business days. Secondary caregivers can take 20 fully-paid business days.
Flexible Work Schedule
SailPoint's hybrid work environment reinforces the flexibility that has existed within our culture for many years.
Remote Work Program
As an organization that values impact over activity, we encourage crew members to manage their work schedules so they can be at their most effective within parameters established by their teams.
Family Medical Leave
Company sponsored family events
SailPoint's crew love to celebrate together, whether at a family-friendly summer BBQ or Halloween party, or while volunteering and giving back to our local communities.
Vacation & Time Off Benefits
Unlimited Vacation Policy
Paid Holidays
Perks & Discounts
Beer on Tap
Casual Dress
Company Outings
When possible, SailPoint brings crew together for summer camps, quarterly meetings and other team-based events.
Game Room
Stocked Kitchen
Some Meals Provided
Happy Hours
Recreational Clubs
Home Office Stipend for Remote Employees
Professional Development Benefits
Job Training & Conferences
Lunch and learns
Promote from within
Mentorship program
Online course subscriptions available

More Jobs at SailPoint