Senior Product Security Engineer
SailPoint is the leader in identity security for the cloud enterprise. Our identity security solutions secure and enable thousands of companies worldwide, giving our customers unmatched visibility into the entirety of their digital workforce, ensuring workers have the right access to do their job - no more, no less.
SailPoint is seeking a Senior Product Security Engineer as part of execution for an industry-leading Product Security program. As a provider of both SaaS and enterprise software for some the world's most prestigious organizations, SailPoint strives for best-in-class security for its product offerings. This critical role will be responsible for performing highly technical hands-on work related to Product Security as well as be a key player in designing the overall strategy of the Product Security Program at SailPoint.
The ideal candidate will be highly collaborative and customer service oriented; balancing the right level of security with business objectives and working to creatively solve complex Product Security related problems.
This is a challenging and impactful role with security responsibilities that all product offerings and can be REMOTE or based in Austin, TX.
Responsibilities
- Participate in expanding and maturing the SailPoint S-SDLC program
- Contribute to the strategy, design, and execution of security reviews and penetration tests of SailPoint products and services.
- Gain detailed understanding of SailPoint systems, software, and services, and execute penetration tests to identify vulnerabilities
- Stay up to date on the latest security vulnerabilities and analyze their applicability/impact to SailPoint products and services.
- Develop scripts or tools to automate security testing and re-product issues
- Assists tech leads and developers with technical approach for remediating product security findings.
- Support automation and tooling of security technologies to be leveraged by development teams.
- Manage product/application vulnerabilities in a consistent manner to prioritize, advise, monitor, and validate remediation.
- Provide input to security risk impact assessment .
Requirements
- US Citizenship is required due to the nature of the role
- Bachelor's degree with 5+ years of experience/Master's degree with 2+ years of experience in Application Security, SSDLC tooling, and penetration testing (manual and automated).
- Familiarity with common AppSec attack patterns and exploitation techniques.
- Ability to develop scripts to exploit common vulnerabilities such as cross-site scripting or or SQL injection.
- Experience working in Agile development with experience in the following technologies is a plus:
- Containers (Docker, Kubernetes, or similar)
- Infrastructure as code (Vagrant, Docker, Ansible, Chef, Terraform, or similar)
- Continuous integration (Jenkins, Bamboo, Hudson, or similar.)
- Defect tracking (Jira, Bugzilla, ServiceNow, or similar.)
- Source code management (GitLab, GitHub, BitBucket, or similar.)
- QA Testing tools (nUnit, jUnit, Selenium, Cucumber, or similar.)
- Application security testing tools (SAST, DAST, IAST, SCA, or similar.)
- Various *nix distributions
- Cloud environment (AWS, Azure, or similar)
- Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.
- As needed, provide on-call support on, and not limited to, after hours and weekends such as in the event of unscheduled incident response efforts
- Minimal travel (
- Certification such as CISSP, CSSLP, CCSP, OSCP, or OSWE
#LI-DM1
SailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.