SailPoint is seeking a Product Security Architect to provide technical leadership and execution for an industry-leading Product Security program. As a provider of both SaaS and enterprise software for some the world’s most prestigious organizations, SailPoint strives for best-in-class security for its product offerings. This critical role will be responsible for performing security architecture reviews and offering consulting services as well as be a key player in designing the overall strategy of the Product Security Program at SailPoint.
The ideal candidate will be highly collaborative and customer service oriented;balancing the right level of security with business objectives and working to creatively solve complex Product Security related problems.
This is a challenging and impactful role with security responsibilities that all product offerings and can be REMOTE or based in Austin, TX.
Responsibilities:
- Advise on the secure design of product and application architecture.
- Perform Threat Modelling, assess and document product risks and/or application designs.
- Participate in expanding/maturing the SailPoint S-SDLC program
- Work with product teams and shared services to determine appropriate scanning cadence based on risk.
- Develop and maintain checklists and working aides for secure development.
- Design solution blueprints that meet the security needs of the system.
- Approve security guidance and training materials provided to development teams.
- Provides input to security risk impact assessment.
- Approve architecture change proposals from a security perspective.
- Conduct Third party/Alliances assessments.
- Be a key advisor to the overall strategy and roadmap of the Product Security Program.
- Be a part of the Product Security Incident Response Team (PSIRT) at SailPoint.
Requirements:
- Bachelor’s degree with 12+ years of experience/Master’s degree with 8+ years of experience in IT Security
- 6-8 years of Technical Product Security related experience around Threat Modeling and Attack Surface Analysis.
- US Citizenship is required due to the nature of the role
- Proven track record of solving complex Product Security issues and protecting products using a risk-based approach.
- Extensive knowledge of the current Product Security threat landscape and industry best practices.
- Extensive experience of performing Threat Modeling and Product Security design reviews and incorporating them as part of SSDLC processes.
- Experience with compliance/certification frameworks such as ISO27001, SOC2, FedRAMP, SOX, GDPR from a Product Security standpoint.
- Experience working in Agile development with experience in the following technologies:
- Containers (Docker, Kubernetes, or similar)
- Infrastructure as code (Vagrant, Docker, Ansible, Chef, Terraform, or similar)
- Continuous integration (Jenkins, Bamboo, Hudson, or similar.)
- Integration of Security testing tools into pipeline
- Defect tracking (Jira, Bugzilla, ServiceNow, or similar.)
- Source code management (GitLab, GitHub, BitBucket, or similar.)
- QA Testing tools (nUnit, jUnit, Selenium, Cucumber, or similar.)
- Application security testing tools (SAST, DAST, IAST, SCA, or similar.)
- Various *nix distributions
- Cloud environment (AWS, Azure, or similar)
- Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.
- Minimal travel (<10%) to Austin,TX
- Certification such as CISSP, CISSP-ISSAP, CSSLP, OSCP, GSEC