Overview

SailPoint is seeking a Product Security Architect to provide technical leadership and execution for an industry-leading Product Security program.  As a provider of both SaaS and enterprise software for some the world’s most prestigious organizations, SailPoint strives for best-in-class security for its product offerings. This critical role will be responsible for performing security architecture reviews and offering consulting services as well as be a key player in designing the overall strategy of the Product Security Program at SailPoint.

The ideal candidate will be highly collaborative and customer service oriented; balancing the right level of security with business objectives and working to creatively solve complex Product Security related problems.

This is a challenging and impactful role with security responsibilities that all product offerings and can be REMOTE or based in Austin, TX.

Responsibilities:

  • Advise on the secure design of product and application architecture.
  • Perform Threat Modelling, assess and document product risks and/or application designs.
  • Participate in expanding/maturing the SailPoint S-SDLC program
  • Work with product teams and shared services to determine appropriate scanning cadence based on risk.
  • Develop and maintain checklists and working aides for secure development.
  • Design solution blueprints that meet the security needs of the system.
  • Approve security guidance and training materials provided to development teams.
  • Provides input to security risk impact assessment.
  • Approve architecture change proposals from a security perspective.
  • Conduct Third party/Alliances assessments.
  • Be a key advisor to the overall strategy and roadmap of the Product Security Program.
  • Be a part of the Product Security Incident Response Team (PSIRT) at SailPoint.

Requirements:

  • Bachelor’s degree with 12+ years of experience/Master’s degree with 8+ years of experience in IT Security
  • 6-8 years of Technical Product Security related experience around Threat Modeling and Attack Surface Analysis.
  • US Citizenship is required due to the nature of the role
  • Proven track record of solving complex Product Security issues and protecting products using a risk-based approach.
  • Extensive knowledge of the current Product Security threat landscape and industry best practices.
  • Extensive experience of performing Threat Modeling and Product Security design reviews and incorporating them as part of SSDLC processes.
  • Experience with compliance/certification frameworks such as ISO27001, SOC2, FedRAMP, SOX, GDPR from a Product Security standpoint.
  • Experience working in Agile development with experience in the following technologies:
    • Containers (Docker, Kubernetes, or similar)
    • Infrastructure as code (Vagrant, Docker, Ansible, Chef, Terraform, or similar)
    • Continuous integration (Jenkins, Bamboo, Hudson, or similar.)
    • Integration of Security testing tools into pipeline
    • Defect tracking (Jira, Bugzilla, ServiceNow, or similar.)
    • Source code management (GitLab, GitHub, BitBucket, or similar.)
    • QA Testing tools (nUnit, jUnit, Selenium, Cucumber, or similar.)
    • Application security testing tools (SAST, DAST, IAST, SCA, or similar.)
    • Various *nix distributions
    • Cloud environment (AWS, Azure, or similar)
  • Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.
  • Minimal travel (<10%) to Austin,TX
  • Certification such as CISSP, CISSP-ISSAP, CSSLP, OSCP, GSEC

SailPoint is an equal opportunity employer and we welcome everyone to our team.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.