Staff Product Security Engineer

SailPoint · US
Full-time · Remote · Today
Application Security, CI/CD, DevSecOps, Documentation, Java, JavaScript

About the role

SailPoint's Cybersecurity organization is seeking a Staff Product Security Engineer with a passion for cybersecurity and protecting the organization. The ideal candidate combines strong application security expertise with practical software engineering experience and can effectively influence others to build secure, resilient products at scale. This position reports to the Director of Cyber Product Security (CPS), and the successful candidate will join a team of security engineers who collaborate with stakeholders across the organization. This role will partner closely with Engineering and the other security teams within the Cyber organization to identify security risks, drive remediation efforts, and embed security throughout the product development process.

Central to SailPoint's product security program is the implementation of a shared security model that impacts all software developed by SailPoint. Under this model, CPS is responsible for multiple key areas affecting product security and collaborates with SailPoint's Engineering Product Security (EPS) team on areas of mutual responsibility. The shared responsibility model was developed to shift product security left, moving security checks to the earliest phases of our secure software development lifecycle.

The Staff Product Security Engineer will have the opportunity to shape our future through process and technology optimization, capability acquisition and development, and maturation of our existing activities. They'll already be comfortable with the 4 I's at SailPoint (Individual, Impact, Innovation, and Integrity) even if they're new to the concept. They will embrace new challenges and will be a positive contributor to an already positive work culture and environment. Location is remote with the ability to work from anywhere within the continental United States.

Responsibilities

  • Partner with Engineering teams throughout the software development lifecycle to identify and mitigate security risks, and implement secure deployment practices
  • Support threat modeling activities and help engineering teams implement appropriate security controls
  • Define and promote secure coding standards, security policies, best practices, and secure-by-design principles
  • Participate in the Cyber organization's efforts to leverage AI across the team and to use AI in our SSDLC
  • Partner with Engineering on improving security testing programs
  • Coordinate internal and external application and penetration testing initiatives
  • Validate vulnerability findings and prioritize remediation based on risk
  • Perform root cause analysis and recommend long-term security improvements
  • Collaborate with the Security Operations team on security monitoring and detection capabilities for applications and services
  • Triage, coordinate, and oversee remediation for security researcher disclosures via our bug bounty program
  • Develop security training, guidance, and technical documentation
  • Interact with other organizations at SailPoint as a consultant on security-related matters

Required Qualifications

Successful candidate will meet most, if not all, of the following requirements:

  • 5-7 years of experience in product security, application security, software engineering, or a related field
  • Experience with security testing tools such as SAST, SCA, DAST, and container security scanners
  • Experience with CI/CD security controls and DevSecOps practices
  • Familiarity with one or more programming languages such as Python, Go, Java, JavaScript/TypeScript, Ruby
  • Demonstrated ability to effectively use AI-powered tools and automation to enhance security engineering productivity, research, analysis, and remediation efforts
  • Knowledge of emerging AI security risks and best practices for securing AI-enabled applications, services, and development workflows
  • Deep expertise in threat modeling, secure architecture design, and vulnerability management
  • Experience influencing engineering organizations and driving security initiatives across multiple teams
  • Knowledge of artificial intelligence software security frameworks is strongly preferred, including OWASP AI Security and Privacy Guide, NIST AI Risk Management Framework, Cybersecurity AI (CAI), and OpenSSF AI/ML Security Framework

Core Competencies

The successful candidate will:

  • Be a highly active observer of industry security trends and threats, remaining up to date on current cyber issues
  • Have a continuous learning mindset and passion for security
  • Have strong analytical and problem-solving skills
  • Be flexible, with the ability to balance security vs the needs of the business
  • Have excellent written and oral communication skills with demonstrated commitment to producing high-quality documentation
  • Be able to translate technical risks into business impact
  • Be collaborative and able to foster relationships with teams we partner with

First 90 Days: Discovery, Strategic Alignment, and Partnership

  • Strategic Alignment &

Benefits

  • Remote work options
  • Flexible schedule
