Sr. Product Security Engineer
About Us
SailPoint is the worldwide leader in enterprise-class Identity and Access Management (IAM). We minimize risk and maximize business growth by managing access to data and resources across your enterprise. We do it effectively and securely for every person who interacts with your organization: any user, on any device, anywhere in the world. We were first to recognize that companies could benefit from an approach to identity that addresses both IT and business priorities. We developed a unique, risk-based model and applied that approach to everything from compliance to user provisioning. Then we followed that with the industry's first solution for truly extending enterprise identity management to applications in the cloud.
Today, we offer comprehensive products that can handle enterprise IAM on-premises or as a cloud-based service. This gives you the freedom to choose the best solution for your current needs, while at the same time establishing a clear path for future growth.
About the Role:
SailPoint is seeking a Sr. Product Security Engineer to join our Security Team. Candidates should have a thorough understanding of the Software Development Lifecycle (SDLC), from initial design through ongoing penetration testing to vulnerability remediation. In this role, you will identify and validate vulnerabilities, work with engineering teams to identify the root cause and provide practical recommendations to remediate identified issues. We’re looking for a well-rounded engineer with a breadth of knowledge in application security.
Responsibilities:
Perform design and code reviews for security best practices.
Evaluate security vulnerability scan (SAST/DAST/IAST) findings and enforce remediation lifecycles.
Research, investigate and perform risk analysis of new findings surfaced by various application security tools and services.
Educate developers on application security best practices throughout the SDLC.
Support software developers in triaging and remediating security issues.
Manage tuning and filtering of security tooling to help remove false positives or false negatives.
Evangelize security tooling throughout the organization.
Be an influencer of change while maintaining a strong relationship with the engineering organization.
Support vendor and partner security assessments.
Contribute to the creation of security training and deliver it to internal teams.
Coordinate and manage third-party penetration tests.
Build and maintain the bug bounty program.
Develop tooling and automation to facilitate continual testing and increase coverage.
Prepare reports on project progress and present results to internal and external development teams and management.
Contribute to maturing process, policy and standards guidance.
Background & Experience:
Extensive experience with securing cloud and SaaS technologies.
Strong sense of ownership, urgency and drive.
Ability to code proficiently in Java, Objective-C, C++, Python and Node.js.
Ability to understand various application code bases regardless of the programming language.
Ability to describe security best practices to software development / engineering teams.
Ability to understand complex software architectures and their deployment models.
Ability to understand security issues identified by security scans regardless of application programming language.
Solid understanding of web application security standards and risk categories, including the OWASP Top 10.
Ability to research, analyze, and understand known and newly published CVEs.
Strong knowledge of CI/CD build systems, microservices, and continuous integration and deployment practices.
Qualifications
1+ years of experience as a Software Developer or Security Engineer with active design and development experience in languages such as Java, Python, Objective-C and Node.js.
In-depth application development knowledge in at least one of the following: Java, Python.
Experience with enterprise management of SAST/DAST/IAST tools.
Experience working in collaboration with software engineering organizations to improve security posture.
Must be self-directed and able to work independently as well as in a team environment.
Resourceful in finding solutions.
Proven consulting and facilitation skills.
Excellent verbal and written communication skills.
Education:
Bachelor's degree in Computer Science or other technical discipline, or equivalent experience.
Some combination of the following security certifications: OSCP, OSWE, CTP, GIAC, CPT/CEPT, etc. AWS or other cloud service provider certifications are a plus.
SailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.