Product Security Engineer
Pune, India
SailPoint
Overview
SailPoint is seeking a Product Security Engineer as part of the execution of an industry-leading Product Security program. As a SaaS and enterprise software provider for some of the world’s most prestigious organizations, SailPoint strives for best-in-class security for its product offerings. This critical role will be responsible for performing highly technical hands-on work related to Product Security and will be a key player in designing the overall strategy of the Product Security Program at SailPoint.
The ideal candidate will be highly collaborative and customer service oriented, balancing the right level of security with business objectives and working to solve complex Product Security related problems creatively.
This potential team member will be comfortable with the 4 I’s at SailPoint (Individual, Impact, Innovation, and Integrity) even if they’re new to the concept. This is a challenging and impactful role with security responsibilities that is based in SailPoint’s India Pune office. India-based remote candidates would also be considered. The candidate would be working closely with their peers in the US; therefore, flexible working hours with 3-4 hours of overlap with US business hours are expected.
We offer a competitive salary, great benefits, and excellent work-life balance. Plenty of opportunities to learn, grow and innovate.
Responsibilities
- Participate in expanding/maturing the SailPoint S-SDLC program.
- Responsible for proactive scanning/auditing in the early phases of the SSDLC as well as reactive scanning/auditing in later phases of the SSDLC, triage and comms to DEV teams.
- Configure, maintain and tune all pipeline and traditional product and application security technologies.
- Continuously reduce false positives through calculated and repeatable suppressions to ensure utilization and adoption of the technology(s).
- Assist tech leads and developers with a technical approach for remediation.
- Support automation and tooling of security technologies to be leveraged by development teams.
- Assist in developing custom software quality tests and Security as Code solutions.
- Review designs for security defects, perform threat modeling and identify remediation solutions.
- Provide training, guidance, and assistance to development teams early in the SSDLC.
- Cultivate security ownership in the product teams.
- Communicate new security services to product teams and assist with security integration, requirement gathering, and troubleshooting failures.
- Manage product/application vulnerabilities in a consistent manner to prioritize, advise, monitor, and validate remediation.
- Provide input to security risk impact assessment.
- Work closely with engineering to sustain processes and/or convert manual integrations to automated pipeline activities.
- Be a part of the Product Security Incident Response Team (PSIRT) at SailPoint.
Requirements
- 3-5 years of Technical Product Security related experience around SSDLC tooling, automation, remediation advisory, security testing, threat modeling/attack surface analysis.
- Proven track record of solving complex Product Security issues and protecting products using a risk-based approach.
- Extensive knowledge of the current Product Security threat landscape and industry best practices.
- Knowledge of compliance/certification frameworks such as ISO27001, SOC2, FedRAMP, SOX, GDPR from a Product Security standpoint is a plus.
- Experience working in Agile development with experience in technologies such as:
  - Containers (Docker, Kubernetes, or similar)
  - Integration of security testing tools into the pipeline
  - Defect tracking (Jira, Bugzilla, ServiceNow, or similar)
  - Source code management (GitLab, GitHub, BitBucket, or similar)
  - Application security testing tools (SAST, DAST, IAST, SCA, or similar)
- Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.
- As needed, provide on-call support, including but not limited to after hours and weekends, such as in the event of unscheduled incident response efforts.
SailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
Tags: Agile Application security Audits Automation Bitbucket Compliance DAST Docker FedRAMP GDPR GitHub GitLab IAST Incident response ISO 27001 Jira Kubernetes Product security PSIRT SaaS SailPoint SAST SDLC SOC 2 SOX SSDLC Strategy Vulnerabilities
Perks/benefits: Competitive pay Flex hours