SailPoint is seeking an experienced Cloud Security Architect to lead the secure design and strategy for SailPoint's cloud and infrastructure. As a provider of both SaaS and enterprise software for some of the world's most prestigious organizations, SailPoint strives for best-in-class security. The Cloud Security Architect will play a crucial role in setting the strategy and technical direction to ensure that our cloud infrastructure, SaaS products and data remain secure. The role will be responsible for ensuring that SailPoint's security architecture conforms to disciplined, industry best practices for cybersecurity. This role will be responsible for evaluating new solutions and developing the supporting elements required to incorporate new technologies in a safe and secure manner.
The ideal candidate will be highly collaborative, customer-service oriented, and comfortable with driving technical ideas and communicating clearly with technical as well as non-technical audiences. The ideal candidate is expected to have a thorough understanding of (including but not limited to) cloud security across IaaS, PaaS, and SaaS environments, IT, security systems and stay up to date with the latest security standards and best practice security products. This candidate is also expected to have hands-on experience in designing for both small and large-scale solutions with an emphasis on security, performance, scalability, and cost. Additional responsibilities include implementing organizational policies and standards for cloud security and partnering with other teams to integrate cloud security best practices.
***Because of the nature of the role, US Citizenship is a requirement***"
Responsibilities:

• Gain a deep understanding of our current state cloud security architecture, partner with team to define future state architecture and multi-year roadmaps.
• Define a cloud security strategy, architecture, and a multi-year roadmap to address methods, and controls required to meet security and compliance requirements.
• Gather and analyze functional requirements and lead proof of concept activities with key business users and stakeholders in support of advanced use cases.
• Mentor and foster development of best practices within the Security Architecture and Engineering team.
• Work directly with project teams to enable successful project implementation applying the recommended security tools, technologies, and techniques. Provide expertise to project team engineers as needed.
• Use knowledge of current security architecture best practices and industry trends and technologies to lead the security architecture design and implementation.
• Design, build, and maintain tools/processes to effectively secure cloud-based environments. Maintain the health, performance, stability, tuning and ongoing planning of cloud and container security platforms.
• Deliver security architecture consulting and work with teams to ensure best practices like infrastructure as code, automation, and orchestration are in place.
• Secure design of the cloud architecture and documentation of the design, configurations, and associated procedures.
• Solve complex cloud security issues and protect various environments (dev/test/stage/prod) using a risk-based approach.
• Evaluates and recommend new and emerging cybersecurity products and technologies with careful documentation of technical requirements and collection of cross-functional requirements.
• Stay abreast of the threat landscape, current technologies, security compliance requirements, standards, and industry trends in order to help achieve cybersecurity's goals.
• Participate in audits pertaining to our cybersecurity processes and best practices.
• Work on key areas to develop baseline cloud, container, application, and infrastructure security standards and integrate into the CI/CD pipeline.
• Implement "security as code" using cloud services and CI/CD components as necessary.
• Respond to and, when appropriate, resolve or escalate security incidents.
• Investigate and resolve security violations by providing postmortem analysis to illuminate the issue, and identify causes, possible solutions, and preventative measures.
• As needed, provide on-call support on, and not limited to, after hours and weekends such as in the event of unscheduled incident response efforts.

Requirements:

• ***Because of the nature of the role, US Citizenship is a requirement***
• Background in Enterprise Architecture.
• A solid understanding of cloud security technologies including container security, serverless security, network and application security, access management, threat detection, and data protection.
• Experiencing developing and documenting secure design, configurations, and associated procedures.
• Strong experience in analyzing, troubleshooting, and providing solutions for technical issues (problem management and issue triage).
• Experience as a technical lead; organizing and mentoring junior and intermediate level engineers.
• Cloud security architecture experience with major cloud providers: AWS (preferred), Azure, or GCP.
• Hands-on experience with Security Services in Azure, AWS or GCP such as Azure Security Center, IAM, KMS, VPC, Security Groups, AWS Inspector, GCP Security command center.
• Knowledge of industry standards and compliance frameworks: ISO, SOC, FedRAMP, NIST.
• Experience working with the following cloud and DevSecOps technologies:
  • Containers (Docker, Kubernetes, or similar)
  • Infrastructure as code (Vagrant, Docker, Ansible, Chef, Terraform, or similar)
  • Continuous integration (Jenkins, Bamboo, Hudson, or similar)
  • Defect tracking (Jira, Bugzilla, ServiceNow, or similar)
  • Integration of cybersecurity testing tools into pipeline
  • Knowledge of all components of a SaaS multi-tenant product architecture
  • Hands-on experience with using and debugging REST APIs
• Experience with the development, deployment, and automation of security solutions in an enterprise cloud-based environment.
• Knowledge of network based, system level, and application layer attacks and mitigation methods.
• An understanding of identity federation, authentication, and authorization (SAML, OIDC, OAuth).
• Strong collaboration and consensus building skills across various teams within the organization.
• Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.
• Experience in requirement gathering and documentation.
• Sound judgment skills and ability to manage escalations.
• Ability to determine methods and procedures on new assignments with minimal instruction.
• Experience estimating effort and resources required for projects and working with project managers to structure projects.
• Proven experience in, and passion for technically leading teams, mentoring staff and driving organizational change.
• Demonstrated professional writing/communication skills.

Preferred:

• Bachelor's degree in Computer Science, IT Security, Information Systems, Engineering, or related field and 12 years of related work experience, or a master's degree in Computer Science, IT Security, Information Systems, Engineering, or a related field and 8 years of related work experience as a Cloud Security Engineer or equivalent working experience.
• 3+ years of experience with Linux Administration, OpenShift, Containerization (i.e. Docker), or Kubernetes.
• Significant technical experience in cloud computing technologies and automation.
• Strong understanding of relevant AWS technologies:
  • AWS Core - Organizations, Cloudformation
  • AWS Networking - VPC, NACL & Peering
  • AWS Security - IAM, Config, KMS, Cloudtrail, Cloudwatch, GuardDuty
  • AWS Data - Redshift, Aurora, S3 & EBS
• Ability to develop simple scripts and automation in Python.
• Ability to interact with IaaS (AWS / boto) and SaaS cloud systems via API calls.
• Familiarity with SaaS cloud security (e.g., CASB, SCIM, SAML, OIDC).
• Familiarity with Linux systems security.
• Familiarity with infrastructure as code and immutable infrastructure concepts.
• One or more of the following certifications:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Information Systems Security Architecture Professional (ISSAP)
  • Information Systems Security Engineering Professional (ISSEP)
  • Certified DevSecOps Professional (CDP)
  • GIAC Cloud Security Automation (GCSA)
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • Certified Cloud Security Professional (CCSP)
  • GIAC Defensible Security Architecture (GDSA)
  • GIAC Cloud Security Essentials (GCLD)
  • Certified DevSecOps Professional (CDP)
  • AWS, Google, or Azure Architecture Certification

SailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.