SailPoint’s Cybersecurity organization is seeking a Staff Product Security Engineer with a passion for cybersecurity and protecting the organization. The ideal candidate will partner closely with Engineering and other security teams to identify security risks, drive remediation efforts, and embed security throughout the product development process.
Responsibilities:
- Partner with Engineering teams throughout the software development lifecycle to identify and mitigate security risks, and implement secure deployment practices
- Support threat modeling activities and help engineering teams implement appropriate security controls
- Define and promote secure coding standards, security policies, best practices, and secure-by-design principles
- Participate in the Cyber organization’s efforts to leverage AI across the team, as well as the use of AI in our SSDLC
- Partner with Engineering on improving security testing programs
- Coordinate internal and external application and penetration testing initiatives
- Validate vulnerability findings and prioritize remediation based on risk
- Perform root cause analysis and recommend long-term security improvements
- Collaborate with the Security Operations team on security monitoring and detection capabilities for applications and services
- Triage, coordinate, and oversee remediation for security researcher disclosures via our bug bounty program
- Develop security training, guidance, and technical documentation
- Interact with other organizations at SailPoint as a consultant on security-related matters
Requirements:
- 5-7 years of experience in product security, application security, software engineering, or a related field
- Experience with security testing tools such as: SAST, SCA, DAST, Container security scanners
- Experience with CI/CD security controls and DevSecOps practices
- Familiarity with one or more programming languages such as Python, Go, Java, JavaScript/TypeScript, Ruby
- Demonstrated ability to effectively use AI-powered tools and automation to enhance security engineering productivity, research, analysis, and remediation efforts
- Knowledge of emerging AI security risks and best practices for securing AI-enabled applications, services, and development workflows
- Deep expertise in threat modeling, secure architecture design, and vulnerability management
- Experience influencing engineering organizations and driving security initiatives across multiple teams
- Knowledge of artificial intelligence software security frameworks is strongly preferred, including OWASP AI Security and Privacy Guide, NIST AI Risk Management Framework, Cybersecurity AI (CAI), Open SSF AI/ML Security Framework